INFORIDS

Facebook users can fell a prey to a new wave of malicious emails that target Facebook users by sending messages falsely claiming that a fresh login system is being implemented, directs people to a phishing site and also attempts to infect them with malware.

The emails, coming from @facebookmail.com addresses. says,

In an effort to make your online experience safer and more enjoyable, Facebook will be implementing a new login system that will affect all Facebook users. […] Before you are able to use the new login system, you will be required to update your account.

This phishing has two different types of attacks into one.

First, there is a phishing component, which attempts to trick Facebook users into exposing their login credentials.

Visiting the included link will take users to a fake Facebook login page, where their email address is already filled in and they have to input their passwords. Once someone falls victim to the phishing trick, they are redirected to yet another page that encourages them to download a malicious file.

Facebook Bogus Login Page

Second, The file is called updatetool.exe is in fact a malware and is advertised as an official Facebook utility for upgrading accounts. In reality, this executable installs a new version of the Zeus banking trojan, detected by Trend Micro as TROJ_ZBOT.CDX.( Image Credits: Devils Workshop, trendmicro)

This is a nice example cybercriminals can be just to steal precious information & infect your system from malwares. Don’t be just another victim.

So, What do you think on this type of email phishing? Will they really trap most of the facebook users? Comment & share your views.