SOCIAL MEDIA USERS should be wary of emails claiming that they've been tagged in pictures on Facebook, Sophos has warned.
The security firm said in a blog post that those receiving emails with such notifications could be exposed to a malware attack if they click on hyperlinked text.
"Be wary of emails claiming to be from Facebook, and saying that you have been tagged in a photograph," Sophos' senior technology consultant, Graham Cluley said in a blog post today.
"SophosLabs has intercepted a spammed-out email campaign, designed to infect recipients' computers with malware."
Cluley highlighted how to spot the malicious email notificatins by a tell-tale sign, as Facebook is misspelled as "Faceboook", with three "o"s.
If you click on the link in the email, you are not taken immediately to the real Facebook website." Cluley warned.
"Instead, your browser is taken to a website hosting some malicious iFrame script, which takes advantage of the Blackhole exploit kit and puts your computer at risk of infection by malware."
"To act as a smokescreen, however, within four seconds your browser is taken via a META redirect to the Facebook page of a presumably entirely innocent individual."
Discovered back in 2010, the Blackhole kit is one of the most notorious exploit kits ever seen, renowned for delivering malicious payloads to a victim's computer.
Sophos added that it detected the malware as "Troj/JSRedir-HW" and advised that users should be on their guard while it has a deeper look into its dangers. µ