Bogus Facebook Email Carries Malware

Think twice before downloading that attachment in an email that appears to come from Facebook: Security firm Sophos says it contains a malicious Trojan horse.

Security firm Sophos is warning Facebook users to be wary of emails that appear to be from Facebook, notifying you that a friend has added a photo of you to his or her album.

"Computer users are being warned to be careful about opening unsolicited email attachments, after a malicious Trojan horse was spammed out posing as a Facebook notification that the recipient is featured in a newly uploaded photograph," writes Sophos' Graham Cluley in a blog post.


The email includes an attachment that it asks you to download to view the photo that you've supposedly been tagged in. The ZIP file contains malware, which is designed to allow hackers to gain control over your Windows computer, Cluley says.

It's easy for anyone to fall victim to these scams—as a coworker of mine did earlier this year. These malicious emails prey on your desire to control your image and account, and Facebook is a breeding ground for such activity.

Remember that legitimate emails from Facebook won't include attachments; they will direct you to your Facebook account via a link. If you're wary of an email that appears to be from Facebook, refrain from clicking links or downloading attachments. Instead, log into your account and visit your notifications center—the globe icon to the right of the search bar in your Facebook account.
