Your Facebook friend didn’t really call you a “piece of shit.” It’s actually malware.

Sophos’ Naked Security blog reported on the latest attempt to bail Facebook users into clicking on links that take them not to the social network, but, in this case, to a website disguised as a Facebook page, which hosts malicious iFrame script Mal/Iframe-W, which subjects users to the risk of infection via the Blackhole exploit kit.

Naked Security points out that the first red flag on these emails is the email address they are allegedly coming from: comments@faceb00k.com. The email then reads:

Hi,

[Friend’s name] commented on your Wall post.

[Friend’s name] wrote: “you piece of shit!!!”

See the comment thread

Reply to this email to comment on this post.

Thanks,

The Facebook Team

Naked Security also pointed out that users who hover their mice over the link would notice that it does not direct them to Facebook.

Readers: Have you seen any similar emails?

Screen grab courtesy of Naked Security.