Facebook Spam on the Rise

There's a big surge in dangerous "Facebook" spam this week that's flooding email systems around the world. Our spam filter and threat analysts identified and blocked the email spam campaign immediately.

This one is especially dangerous because it looks so realistic (we've blurred out some of it):

Facebook spam

Facebook Spam Email - NEVER click the buttons or links in an email like this

Don't click on the buttons or links in any such email. Doing so could infect your computer with a virus or other malware. If you want to check friend requests, type "facebook.com" directly into your web browser's address bar and proceed from there.

How It Works

You receive an email that looks like it's from Facebook notifying you about a friend request. There are buttons to "Confirm the Request" and "See Other Requests", or something like that. There are also some links in the email (for example, to unsubscribe). Do NOT click the buttons or the links.

This is part of a massive and potentially dangerous spam campaign that includes other fake requests as well (like CNN and eBay). Many of the emails appear to be coming from zombie computers under the control of a botnet that's flooding email systems. The links and buttons in the email will take you to the scammer's webpage (or someone else's website that has been hacked) for an instant -- without you even knowing it -- and then onto facebook.

Facebook spam - How It Works

Facebook Spam Email - How It Works

According to Wes, one of our spam analysts: "For the brief moment you're on the scammer's website, it is probably looking for a security weakness on your web browser or computer that it can exploit, and then forwards you on to Facebook. It happens so quickly, most people don't realize they have been exposed."

We've been blocking this scam, so our customers probably never even saw one. In fact, SpamStopsHere now includes a proprietary spam blocker that can tell if an email is coming from a legitimate source (like Facebook) or not, further protecting our customers from such attacks.

How to Avoid Being Infected

NEVER click on the links or buttons in an email, no matter where it's from. Clicking on a link can take you somewhere you don't expect (or want) to go because the destination can be different from the text displayed in the email. That's how this scam works.

If you're curious to know where a link will take you, hover your mouse pointer over it (but DON'T click). The actual web address (URL) where the link will take you appears in a small window at the bottom of your browser as you hover over the link.

In this spam attack, the links appear to go to "zombie" machines. The URLs follow this pattern:

www.<some domain>.com/<random characters>/index.htm

That indicates an otherwise legitimate web server has been hacked by a botnet. The hacker created a directory named with random characters and installed its own potentially dangerous code there. If you were to open that index.htm or index.html in your browser (which you should NOT do), the web page might try to infect your computer, make it a zombie machine under control of the botnet, or do other harm.

For More Info

Our spam review team, along with our proprietary Spamalyzer 3.0, analyzes and blocks email threats for our customers 24/7/365. That's a claim almost no other antispam provider can make. Click here for more about SpamStopsHere and our 24/7/365 live support