Fake Facebook photo tag notification leads to malware

Beware of fake Facebook emails telling you that you’ve been tagged in a photo, as you could easily end up infected with malware.

The emails do visually resemble messages sent by the social network, but there are also some tell-tale signs that they might not be.

As an observant user is sure to notice, the “From” email address contains an “o” too many.

“If you click on the link in the email, you are not taken immediately to the real Facebook website,” Graham Cluley explains. “Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware).”

A few seconds after that, the victim is redirected again to a Facebook page of a user that is not the same one that supposedly sent the email.

The action is supposedly performed to complete the illusion that the message was legitimate, but should actually alert victims that something is definitely wrong.