The attachment contains a password stealer that targets Windows computers and can potentially access any username and password combination used on the computer, not just the login credentials for Facebook. “This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam,” McAfee says.

There are obvious clues that this is a phishing scam. First, Facebook doesn’t send e-mails like this. It may send an e-mail with a link where the user can reset the password, but not an e-mail with an attachment. Second, the e-mail has poor grammar and awkward phrases. For instance, Facebook is not capitalized in the salutation. If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam.
A month or so ago, I received this email:
Beware of the new Facebook password reset scam