Facebook once again finds itself under attack from hackers looking to spread spam and snare personal information by trying to convince users that their accounts have either been commandeered by spammers or suspended.

With more than 550 million registered users, Facebook provides a fertile – and occasionally embarrassingly insecure – platform for malware authors and nickel-and-dime hackers to ply their trade.

Software vendor Panda Security this week unearthed a pair of new threats that use a similar tactic – the threat of users being unable to access their beloved Facebook accounts – to "wreak havoc," according to security analysts.

The first scam, identified by PandaLabs researchers as Asprox.N, is a Trojan tucked away in an unsolicited email that advises users that their Facebook accounts are being used to send spam. The irony, of course, is that if someone follows the prescribed directions, which include clicking on a faux Word document supposedly containing a new password, the victim's PC or mobile device is infected and becomes a vehicle for distributing spam.

Luis Corrons, technical director for PandaLabs, said in a security advisory that the email attachment's unusual Word icon is actually a Trojan, identified as Facebook_details.exe, that then downloads a .doc file to convince victims the promised Word file is actually opening.

"The Trojan, when run, downloads another file designed to open all available ports, connecting to various mail service providers in an attempt to spam as many users as possible," he said.

The second threat, which is being spread across MSN and Yahoo instant messaging apps, displays a malicious link that, if clicked, infects users' computers or mobile devices with the Lolbot.Q worm.

Once the worm has installed and victims attempt to log in to Facebook, a message pops up informing users that their account has been suspended and that, in order to reactivate their account, they must fill out a questionnaire offering a chance to win a new laptop or iPad.

Victims are then prompted to enter their cell phone number, from which they're told they will receive data download credits for a fee. Once they complete what amounts to a comprehensive phishing database, they're told they'll then receive a password to resume access to their Facebook accounts.

Malware scams of this sort seem to materialize on a weekly basis on Facebook, Twitter and other social networking sites.

In March, another socially engineered phishing attack plagued Facebook users, warning users that their accounts had been reset. When victims clicked on the malicious attachment to which they were directed, a phishing agent was installed and immediately snared all the usernames and passwords – including those for online banking accounts – saved on the computer or mobile device.

"Once again cyber-criminals are using social engineering to trick victims and infect them with malware," Corrons said. "Given the increasing popularity of this social media, it is no surprise that it is being exploited to lure potential victims."

What is surprising, however, is how lax most consumers and enterprises are about securing their devices and data from possible exposure on Facebook and other social networking sites.

Just last month, on-demand security software vendor OpenDNS issued a report that found Facebook ranks as both the most blacklisted and the most whitelisted website by enterprise IT security administrators, illustrating just how conflicted most organizations are about the risks and benefits of participating on the world's largest social network.

Larry Barrett is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.
