Recently, security researchers at Internet security firm Sophos identified a new malware campaign, which targets Facebook users. Attackers are purportedly sending e-mails, which appear to recipients as arriving from Facebook. The e-mail includes a well-crafted message, which advises the recipients to download a PDF attachment containing new password for their Facebook account as the currently used password is not safe. The malicious e-mail comes with different subject lines such as "your password has been changed", "the new password to your account", "personal data has been changed". The above sentence is preceded by the word, "Facebook" or "Facebook Support". The sentence is followed by an ID Number. The e-mails are not personalized. According to security researchers at Sophos, the e-mails claim toarrivefrommessage@,firstname.lastname@example.org@. Users must be wary of such e-mails as the companies are unlikely to change the passwords on their own and they will not send a PDF attachment. Further, genuine e-mails are more likely to be personalized.
Attackers may spoof e-mails or change the header to make the user believe that e-mails are arriving from a legitimate source. Users can direct visit the legitimate website and check whether they are able to log on with their existing passwords. Users may report such fraudulent e-mails to the targeted company and security response teams. Recipients who download the attachment may inadvertently infect their computers with Mal/Zbot-AV as identified by Sophos. Mal/Zbot-AV is a Fake AV downloader, which installs malware in several locations on the computer system. Internet security awareness is crucial to deal with consistent, well designed and sophisticated threats from cybercriminals. Users may gain insights on safe online computing practices through online IT courses and following security blogs, and updates from software developers. Internet users must install, update and regularly scan their computer systems with anti-virus and anti-malware software. They must avoid clicking on suspicious links and downloading e-mail attachments received from suspicious sources. They must use genuine software, adhere to security advisories and update software programs to safeguard their computer systems. The popularity of social media sites such as Facebook and Twitter makes them vulnerable to cyber threats.
Attackers constantly target users of social media sites through fraudulent schemes. Attackers tempt users to click on link or download attachments containing malware. The malware may be designed to delete, modify or extract files from the compromised computes. In the recent times, Facebook users have been targeted with various game, survey and event scams. Some of the scams seek access for rogue applications on Facebook account of a user. Once allowed access, the scams attempt to target people listed in the Friends list of the user. Vibrant online threats make it inevitable for security professionals to remain alert and regularly update their technical know-how by attending webinars, conferences and undertaking online IT degree programs. Professionals qualified in IT degree programs and security certifications may help developers in proactively devising new security mechanisms. Social media sites must work with Internet security firms to identify and alert users against spam and malware-ridden e-mail attachments.