Social networking giant Facebook has warned its users about a new password-stealing scam that has hit the popular social network, in which users receive a fake email asking them to reset their passwords.
According to the internet security company McAfee, millions of Facebook users received an email titled 'Facebook Password Reset Confirmation Customer Support', which claims that in order to protect its customers, Facebook has changed users' passwords.
The email then prompts users to open an attachment which, when activated, installs all kinds of malicious trojans, including keystroke-tracking software that steals every password typed on the user's keyboard.
Facebook, which posted a warning on the official Facebook Security page, warned users to refrain from opening the 'spoof' email and delete it immediately.
It also advised users to spread the word, as McAfee believes that hackers have sent millions of spam emails, targeting users across the US, Europe and Asia. Facebook also assured users that the website will never send them passwords in email attachments.
Commenting on the present situation, Dave Marcus, McAfee's director of malware research and communications, said in a statement: “With Facebook as your lure, you potentially have 400 million people that can click on the attachment. If you get 10 percent success, that's 40 million.”
Expect such cybercriminal campaigns to become more prevalent in the future as Facebook reaches 500 million users. As McAfee's spokesperson said, even with a 1 percent success rate, that's a whopping 5 million users worldwide, enough to start a massive DDoS attack.