WARNING: Malware Poses As Facebook Account-Cancellation Email

Internet security firm Sophos warned of malware disguised as an email from Facebook telling recipients the social network received requests from them to cancel their accounts.

Sophos outlined the malware scam in a post on its Naked Security blog.

Potential victims receive emails, supposedly from Facebook, which read:

Hi [email address]

We are sending you this email to inform you that we have received an account cancellation request from you. Please follow the link below to confirm or cancel this request.


The Facebook Team

To confirm or cancel this request, follow the link below:

Click here

What makes this particular scam a little more dangerous than others is that the link goes to a Facebook.com address, which may encourage recipients to treat it as valid, although it actually takes them to a third-party application.

That app tries to hound recipients into installing an unknown Java applet, persisting even after the “no thanks” button is clicked. Those who continue receive a message that Adobe Flash must be updated.

Of course, rather than a Flash update, files are added to users’ WIN32 folders, which enable remote spying and hacking.

Sophos said its security products detect the malware as Mal/SpyEye-B and Troj/Agent-WHZ and block access to its website.

As Sophos pointed out, this particular scam plays on the emotions of Facebook users who fear losing access to their accounts.

Readers: Have you received any emails similar to the one illustrated by Sophos?

Warning sign image courtesy of Shutterstock. Screen shots courtesy of Sophos.

Related Stories
Mediabistro Course

Marketing with Facebook Insights

Marketing with Facebook InsightsStarting October 2, learn how to use Facebook's analytics tool to track and optimize your marketing efforts! Taught by the group marketing manager of social media at Microsoft/BingAds, Geoffrey Colon will show you how insights works, how to measure key performance indicators, and make your data actionable. Register now!