Facebook users tend to pay careful attention to those messages that come from this network, especially when users are notified of being tagged in a photo. Since tagging doesn’t require prior permission, it becomes paramount to review each and every tag in case users want to delete them.

Malware writers take advantage of this situation, as proven by a new type of emails that mimic Facebook messages of someone tagging you in a photo. This malicious campaign aims to infect the computers of those unsuspecting users that do not realize that the source address comes from Faceboook (with 3 ‘o’) and not from the real social network. When they click on the link in the message, the browser is loaded with a malicious script (a Trojan horse) that puts your computer at risk of infection through a Blackhole exploit kit. Seconds later, the browser jumps to a random user’s Facebook page to hide its behavior.

If companies that manage social networks were to change their policy as demanded in the #NOTAGSwithoutpermission campaign, it would minimize the power of these social engineering tactics used by malware creators. The fear of being tagged will disappear as no person could get a tag on a photo without approval. Do you want to join the campaign so that together we can succeed?

Source: Naked Security and FriendlyScreens