Facebook - New email attack uses spoofed Photo Comments link
As a best practice, never respond to emails that appear to come from Facebook by clicking on links or images. Instead go directly into your Facebook account and process any new requests there.
Spammed malware linked into your Facebook photo
QUOTE: This most recent attack technique appears as an arriving email but contains a crafted malicious link. The attack is camouflaged as a Facebook correspondence alerting the victim that a friend “commented on your photo”. Although new security procedures are being implemented to protect Facebook users, cybercriminals will continue to aggressively abuse this and other social networks.
The sender name is counterfeit and the email is NOT a Facebook address. When you run your cursor over the fake Facebook link it then becomes visible that it will redirect to a suspicious page.
Last week, Facebook announced their new Messaging system that will be launching in the next few months. Certainly it will give better control to users, and will possibly minimize some issues but we at McAfee Labs expect spammers and cybercriminals to attempt abuse as well. I’m a firm believer the most powerful tool is still common sense alongside some best practices: be an informed, safe and protected user. Always keep your security software up to date!