Beware of ‘you’ve been tagged’ Facebook scam

19 Jul 2012

Internet users are being warned to beware of a new email scam doing the rounds whereby they receive an email telling them they’ve been tagged in a photo. Clicking on the link leads to a black hole exploit kit that puts malware onto users’ machines.

SophosLabs has intercepted a spammed-out email campaign, designed to infect recipients’ computers with malware.

The security software player is adding detection of the malware as Troj/JSRedir-HW.

“If you click on the link in the email, you are not taken immediately to the real Facebook website,” Sophos’ Graham Cluley explained.

“Instead, your browser is taken to a website hosting some malicious iFrame script,” he added.

“To act as a smokescreen, however, within four seconds your browser is taken via a META redirect to the Facebook page of a presumably entirely innocent individual.”

One of the ways of spotting the hoax emails is the misspelling of Facebook as “faceboook”, with three Os.


John Kennedy is a journalist who served as editor of Silicon Republic for 17 years