March 19, 2010
Posted: 01:30 PM ET
Facebook has responded to a an apparently massive attempt to steal passwords from its users.
"There's another spoofed email going around that claims to be from Facebook and asks you to open an attachment to receive a new password," read a post on the Facebook Security page. "This email is fake. Delete it from your inbox, and warn your friends."
Facebook will never send users a new password in an attachment, the post says.
The messages claim to be from Facebook, with a return address that looks legitimate. A message sent twice to a CNN.com staffer reads:
McAfee security warned users in a blog post Wednesday that the link is a password stealer that becomes active when the user clicks on it. Once installed, malicious software, or malware, could potentially access all username and password information used on a computer, not just on Facebook, the post said.
Reports suggest the scheme continued to spread on Friday.
McAfee and Facebook urged users to not open the attachment and immediately delete the message, if up-to-date security software programs don't catch the message first.
From around the web
Are you a gadgethead? Do you spend hours a day online? Or are you just curious about how technology impacts your life? In this digital age, it's increasingly important to be fluent, or at least familiar, with the big tech trends. From gadgets to Google, smartphones to social media, this blog will help keep you informed.