"Lost Message" Facebook Spam

If you get an email telling you you’ve “lost a message” on Facebook, guess what? The person who sent it to you isn't a friend.

In a new kind of phishing tactic, the email message (described here by Spamfighter) tells you that "Facebook sent you a notification" and "You have 1 lost message on Facebook, to recover a message follow the link below."

Don't do it. If you do, you'll be infected by malware. Before you know what’s happened, it’ll hit you again.

The first hit comes in the form of a fake Adobe Flash update to get around your defenses. How often has Adobe told you that you needed to upgrade their software, and how often have you just clicked OK? These ne’er-do-wells are preying on your most familiar reflexes.

The second hit comes from an iFrame, which is an HTML command that allows web designers to display one page inside another. Nothing wrong with that, except that technically astute but ethically impaired people can use them to send malware to your computer.

If you get this email message, just delete it.

That's easy enough if you get this exact message, but as often happens with malware, the wording is likely to change. And new but similar scams will pop up.

So use caution with emails from popular, membership-oriented sites, especially when they give you a strong motivation to click a link. Read the message carefully. Look for bad grammar and misspellings. If you use a web-based email program, hold your mouse pointer over the link, without clicking, and read the actual URL at the bottom of the window. Or simply ignore the emailed link and visit the site the way you normally would, either by clicking your own bookmark for the site or by typing in the URL on your own.

And get good protection. All three versions of Trend Micro Titanium will protect you from incoming malware, even if you've given it your permission to install. Titanium Maximum Security even includes additional protection for Facebook users.

Subscribe to the Security Watch Newsletter