Beware of ‘you’ve been tagged’ Facebook scam

19 Jul 2012

Internet users are being warned to beware of a new email scam doing the rounds whereby they receive an email telling them they’ve been tagged in a photo. Clicking on the link leads to a black hole exploit kit that puts malware onto users’ machines.

SophosLabs has intercepted a spammed-out email campaign, designed to infect recipients’ computers with malware.

The security software player is adding detection of the malware as Troj/JSRedir-HW.

Future Human

“If you click on the link in the email, you are not taken immediately to the real Facebook website,” Sophos’ Graham Cluley explained.

“Instead, your browser is taken to a website hosting some malicious iFrame script,” he added.

“To act as a smokescreen, however, within four seconds your browser is taken via a META redirect to the Facebook page of a presumably entirely innocent individual.”

One of the ways of spotting the hoax emails is the misspelling of Facebook as “faceboook”, with three Os.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years