CNN and other major news sources are reporting that there is a very new and highly dangerous Facebook scam being employed.  This is a fake e-mail from Facebook asking users to open an attachment to receive a new password. Once opened, this attachment infects the user’s computer with a password stealer, which can give these criminals access to your banking, credit card, and other personal financial information.

The fake email may appear somewhat as like this:

Hey [user's name]:

Because of measures taken to provide safety to our clients, your password has been changed. You can find your new password in attached document.

Thanks,
The Facebook Team.

It is likely that those distributing this scam will change what this message says or use different variations in wording. So be advised, Facebook IS NOT changing passwords. DO NOT OPEN any such attachments. DELETE this message immediately upon receipt!

From: Matt McGlynn
Date: 11/11/2009 9:23:12 PM
To: barry@writerpro.biz
Subject: response from Care2
Hello,
I’m writing in regards to your recent blog post about
the credit card scam you received via a Care2 ecard.
I am sorry you received that ecard, and sorrier still
to see our good name featured in an article on HighRiskWebsites.
What you received is certainly a scam. What was not clear in
your piece is that Care2 was not the scammer, but the victim.
The criminals behind this attack organized a botnet of over
400 hijacked PCs all around the world; these computers were
submitting dozens of these scam ecards (all with subtle
variations in the messaging) per second. Our warning
bells went off, and we were able to shut down the
attack — but not before some of the ecards were sent out.
Care2 has offered a free ecard service for over 10 years.
We have some of the best ecards on the web, and we make
donations to save a square foot of rainforest for every
ecard sent.
Millions of people use Care2 to send ecards to friends and
family every day. Sadly, like any free service, our site is
occasionally abused, resulting in issues like the one you described.
If you visit the URL you published, you’ll see that the
scam ecard has been deleted. What you received is strictly
prohibited by our Terms of Service. And we’re putting additional
systems in place to prevent a recurrence of this sort of attack.
Care2.com was founded to help make the world a better place.
That is literally our mission. I invite you to come check out
Care2.com again. I think you’ll find out where are hearts and
minds are if you do.
Thanks for reading. Feel free to contact me if you have
any questions.
matt.
CTO, http://www.care2.com/

Here’s a new wrinkle in e-mail scams. It plays on your curiosity to find out who has a secret crush on you. If you click on the care2.com link, you will be taken to a personal message that is shown after this e-mail:

917595 sent you an eCard from Care2! Click on the following link to view your eCard, or paste it into your browser:

http://www.care2.com/send/pickup/1311-62411-134424-2729

This Care2 eCard was sent November 8, 2009 and will be available for 14 days.

Warm wishes,
www.Care2.com
Where spreading love & laughter helps save the world.
Every time you send a FREE Care2 eCard you save a square foot of rain forest. Learn More.

Here is the e-card message you will receive. Note that it informs you that you “may have to use a CC (Credit Card) or a debit card for verification. THIS WILL END UP BEING A SURPRISE CHARGE ON YOUR ACCOUNT. DO NOT SUPPLY ANY FINANCIAL INFO TO THIS TYPE OF SCAMMER. Here’s what the card will say:card-scam

The next e-Card message will display this personal message:

n4y7h4r

Hi Barry… This is difficult for me to do because I’m shy..but I have a crush on you. I’ve never been able to tell you for reasons which you would quickly identify as obvious if you knew who this was. With that said I want you to guess who I am and approach me yourself.

To help you out with your guessing I made a few pictures and videos with Barry written on my body. They’re kind of risque photos so I had to make a profile at www.megafriendly.com (copy & paste or type www.megafriendly.com into your web browser). My username in the members area is BarryandME09. It’s a free website but you might need a CC or Debit to verify your age because I had to. Sigh.

But anyway sign up at www.megafriendly.com and once you are inside search for me. I want you to guess who I am and then approach me yourself. I’m shy and this is the bravest thing I’ve probably ever done but you need to do the rest.

Kisses
Secret Admirer

p4b2e0k5q8m1u9e1v8g0

If you now enter the www.megafriendly.com URL into your browser and click search, it will quickly make the scam clear: This is a web cam girl’s site. And their goal is to get your financial info so they can charge you later!!

sexcam-scam


The thing to remember here is NEVER to provide any further actions. DO NOT fill out the financial info even though it says “$0 charge for age verification”.

SCAM ALERT—SCAM ALERT—SCAM ALERT

Here’s a new e-mail scam alert in the name of the International Monetary Fund.

Note how the scammer seeks to obtain your personal information and $175.00 of your hard-earned money (highlighted in RED).  Never reply to an e-mail of this type.

FROM THE DESK OF DOMINIQUE STRAUSS-KAHN

PRESIDENT INTERNATIONAL MONETARY FUND (IMF)

ATTN: BENEFICIARY.

This is to officially inform you that ATM card number: 5428 0500 1100 4432 worth Three Million United States Dollars ($3 Million USD) has been credited in your favor in bid to compensate you on your winning sum since you are next on our compensation file for the second part of this fiscal Year 2009.

Your personal identification is ATM-5379. Contact the verification officer in African Region (Dr. Paul Omego) E-mail: atm.paymentdept2341@gmail.com

Tell: (+234) 1 4315436 with the below details for proper verification and immediate delivery of your prize via ATM CARD:

1) Your full Name…………….

2) Your Delivery Address………

3) Country………………

4) Your Telephone Number………….

5) Age and Occupation…………..

Most importantly, you are also required to send him the sum of $175 fee for your ATM CARD delivery.

NOTE: be aware that US$3,000,000.00 (Three Million United States Dollars Only) was awarded to you as a compensation payment and be also informed that the Fund Approvals and authorization documents have been handed over to DR. PAUL OMEGO.

Best Regards

DOMINIQUE STRAUSS-KAHN

PRESIDENT INTERNATIONAL MONETARY FUND (IMF)

This is a new e-mail scam using the identity of the United Nations to ‘hook’ the naïve and unwary. Note the grammar errors and that the supposed bank person is in NIGERIA—Scam Capital of the World!

UnitedNationsLogo(1)

Attention:

This mail serves as a listening ear to the victims of scam the world over.

We have been having a meeting for the past 7 months which ended 2 days ago with the secretary general of the United Nations Organization.

This message is to all the people that have been scammed in any part of

the world, the United Nations have agreed to compensate them with the sum of US$500,000. This includes every foreign contractors that may not have received their contract sum, and people that have had an unfinished transaction or international businesses that failed due to Government problems etc.

We have a database of victims and that is why we are contacting you,

this has been deliberated upon and is among our set of priorities

in making the world a better place.

You are advised to contact Mr. Jim Ovia of ZENITH BANK PLC, as

he is our representative in Nigeria, contact him immediately for your

Cheque / International Bank Draft of USD$500,000. This funds are in

Bank Draft for security purpose. It will be sent to you and you

can clear it in any bank of your choice.

Therefore, you should send him your full Name, telephone number, a

valid mailing address where you want him to send your Bank Draft to.

Contact Mr. Jim Ovia immediately for your Cheque:

Person to Contact: Mr. Jim Ovia

Email: unitednationoffer@rocketmail.com

*Making the world a better place*

Regards,

Department of Public Information, United Nations 2009