We’ve started seeing email that looks like this:
(This is just a screengrab image – the links above aren’t live).
The message looks real enough (which is the idea), but it did not come from Facebook. The link actually goes to servers in 15 locations in Korea, Japan, Brazil, Hungary, Poland and Ukraine, where you’ll be asked to enter your Facebook login info. While you’re at it, you’ll be exposed to a variety of malware designed to harvest passwords and make you part of this botnet.
Postini should be catching these, so you may not see one unless you’ve added ‘facebookmail.com’ to your approved senders list, in which case the messages will come through unfiltered.
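For anyone who wants to check a suspect message themselves, here is an added example (not part of the original notice) that flags a message claiming to be from facebookmail.com whose links go somewhere other than Facebook. The sample message, the placeholder host `login.example.net`, the function names and the list of expected link domains are all assumptions made for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: links in a genuine notification stay under these domains.
BRAND_DOMAINS = ("facebook.com", "facebookmail.com")

# Constructed sample: the link text shows facebook.com, the href does not.
SAMPLE = """\
From: Facebook <notification@facebookmail.com>
Subject: Update your account
Content-Type: text/html; charset="utf-8"

<p><a href="http://login.example.net/facebook/">http://www.facebook.com/login.php</a></p>
<p><a href="http://www.facebook.com/help/">Help</a></p>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def in_domain(host, domain):
    """True for the domain itself or a subdomain, not for look-alikes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def off_brand_links(raw_message):
    """Hosts linked from a message whose From claims a Facebook domain."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not any(in_domain(sender, d) for d in BRAND_DOMAINS):
        return []  # sender does not claim to be Facebook; nothing to compare
    hosts = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        collector = LinkCollector()
        collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
        for href in collector.hrefs:
            host = urlsplit(href).hostname
            if host and not any(in_domain(host, d) for d in BRAND_DOMAINS):
                hosts.append(host)
    return hosts
```

The From address is text supplied by whoever sent the message, which is why approving ‘facebookmail.com’ as a sender lets these through.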