Thursday, March 18, 2010

Facebook Password Reset Confirmation Email Scam - Part II

After posting yesterday about the Facebook Password Reset Confirmation Email Scam, I received another variant of this same Facebook email scam with an attached virus.

The second variant of the email scam had the same harmful virus attached, and a few new features. The second variant of the Facebook Password Reset Confirmation Email Scam is pasted below:


Subject: Facebook Password Reset Confirmation YYYY


Hey [email-username],

Because of the measures taken to provide safety to our clients, your password has been changed.
You can find your new password in attached document.

Thanks,
The Facebook Team.

What was interesting about this variant is that it had two characteristics that distinguish it from the variant in the previous post:

  1. The email was customized and addressed to the username portion of my email address.
  2. The email contained an identifier in the subject line, presumably to let the email scam artist better track responses and possibly to perform multivariate testing on different variations of the same email scam.

Both of these distinguishing elements of the Facebook Password Reset Confirmation Email Scam show some marketing prowess: #1 customizes the message to build trust and increase the response rate, and #2 was presumably done to track responses.
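
The two features above, together with the attachment lure, can be checked mechanically at a mail gateway or in a mailbox sweep. The following Python sketch is an added example, not code from the original post; the greeting words it accepts, the treatment of any trailing subject token as the identifier, and the sample address, identifier and file name are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Subject phrase from the post; any trailing token is assumed to be the identifier.
SUBJECT_RE = re.compile(r"^Facebook Password Reset Confirmation\b\s*(?P<tag>\S.*)?$", re.I)
GREETING_RE = re.compile(r"^\s*(?:Hey|Hi|Hello|Dear)\s+([^,\s]+)\s*,", re.I | re.M)
LURE_RE = re.compile(r"password\b.{0,80}\battached", re.I | re.S)


def check_message(raw):
    """Return the indicators described in the post that this message shows."""
    msg = message_from_string(raw)
    hits = []
    m = SUBJECT_RE.match(msg.get("Subject", "").strip())
    if m:
        hits.append("subject_phrase")
        if m.group("tag"):
            hits.append("subject_identifier")
    body, has_attachment = "", False
    for part in msg.walk():
        if part.get_filename():
            has_attachment = True
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    local_part = parseaddr(msg.get("To", ""))[1].partition("@")[0]
    g = GREETING_RE.search(body)
    if g and local_part and g.group(1).lower() == local_part.lower():
        hits.append("greeting_is_local_part")
    if has_attachment:
        hits.append("has_attachment")
        if LURE_RE.search(body):
            hits.append("password_in_attachment_lure")
    return hits


def build_sample():
    """Constructed message: address, identifier and file name are made up."""
    msg = EmailMessage()
    msg["To"] = "jsmith@example.com"
    msg["Subject"] = "Facebook Password Reset Confirmation NR7421"
    msg.set_content("Hey jsmith,\n\nYou can find your new password in attached document.\n")
    msg.add_attachment(b"x", maintype="application", subtype="zip", filename="sample.zip")
    return msg.as_string()


if __name__ == "__main__":
    print(check_message(build_sample()))
```

A greeting that matches the mailbox name rather than a real name is a weak signal on its own; it is the combination with the subject phrase and the password-in-attachment wording that makes the message stand out.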


Key Takeaways:

Never, and I mean never, open an attachment from an unknown source. Even if you think you know the source (Facebook in this case), do not open the attachment unless it comes from a trusted individual. Don't be lulled into a false sense of security just because the email is personalized to you.

For More Information:
Facebook does not, based on their own policies, send user passwords in file attachments on a password reset request. Based on a scan of other sites on the topic, it appears that those who are fooled into opening the attachment to "view their new password" will in fact be launching a copy of the Bredolab Trojan, as featured in a recent ABC News article entitled "Facebookers Beware: Fake E-Mail Contains Virus."

Once installed, the trojan is able to download and install other components, such as key-loggers that capture everything you type on your computer, including usernames and passwords, as well as software designed to identify and capture passwords. These are then forwarded to the email scam artist, enabling them to monitor and control the compromised computer without the owner's knowledge while giving them the information they need to commit identity theft and bank fraud.

