Facebook users are on high alert this week for another e-mail scam advising that their accounts have been reset and asking them to reset their passwords through an attachment contained in the unsolicited e-mail.
But as security software vendor McAfee (NYSE: MFE) details in a blog posting, the attachment is actually a password stealer that is installed when users click on the link.
The potentially damaging e-mail is titled "Facebook Password Reset Confirmation! Customer Support," and Facebook officials are telling users to immediately delete the message to avoid infecting their PCs and mobile devices.
Once the phishing agent is installed, it can access any username or password entered on the computer or mobile devices, putting users' online banking account log-ins and other sensitive information at risk.
"This threat is potentially very dangerous considering that there are over 400 million Facebook users who could fall for this scam," McAfee researchers said. "This is also the sixth most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs."
With an estimated 400 million users worldwide, it's easy to understand why hackers love to target Facebook with various phishing and malware scams on an almost weekly basis.
In January, a massive scareware campaign plagued the site for a couple days, attempting to lure Facebook users into installing bogus antivirus software on their computers.
McAfee officials said this latest malware project included "tens of millions" of spam messages sent to users around the world and would likely result in the infection of millions of computers.
McAfee recommends users install the latest version of its antivirus software to protect themselves from attacks of this type and reminds users to never click on any links or attachments contained in unsolicited e-mails regardless of how authentic or personalized they appear to be.