Be on the alert when opening emails that appear to come from Facebook: An extra “o” can go a long way toward determining whether they are authentic or part of a malware attack.

Sophos’ Naked Security blog warned of a wave of fake Facebook emails saying that recipients have been tagged in photos on the social network.

How can you spot the fakes? According to Naked Security, in this particular malware effort, there is an extra “o” in Facebook in the sender’s email address (notification@faceboook.com). Or recipients can hover over the link with their cursors and see that the page they will be redirected to is not a Facebook.com page.

Recipients who click on the link are taken to a website that hosts an iFrame script that can infect their PCs with malware. Then, within four seconds, a meta redirect takes users to the Facebook pages of random individuals who have no part in this scam.

Readers: Have you received any similar emails?

Screen shot courtesy of Naked Security.