Popular social networking leader Facebook warned users this week of a large-scale phishing scam, aimed at installing malware (software that performs a malicious function) on user's computers.
The message to users, via email, claims to be from Facebook, and says that the user's password has been changed, which can be found in an attachment to the email message. If the user clicks on the attachment, all passwords on their computer could be compromised – not just their Facebook login.
Similar scams have circulated in the past, with the culprits claiming to be everyone from Bank of America, to the IRS. The ultimate goal of these unscrupulous spammers is to gain access to personal information, such as Social Security numbers, bank account and credit card information, or even PayPal logins.
It is estimated that millions of these emails have been sent out over the past two days, with a return email address that looks legitimate (email@example.com) but has been “spoofed” or camouflaged to appear legitimate.
In a post on their website, Facebook reminds users that they will never send a new password as an email attachment and recommends deleting the email immediately. http://www.facebook.com/security