This is what the Facebook password reset scam e-mail looks like.
If you get an e-mail that appears to be from Facebook saying the company reset your password and urging you to open an attachment, it is a scam. Repeat, it is a scam.
McAfee warned people in a blog post on Wednesday to beware of an e-mail that appears to come from Facebook urging recipients to open an attachment to get their new password.
The attachment contains a password stealer that targets Windows computers and which can potentially access any username and password combination used on the computer, not just the login credentials for Facebook.
"This threat is potentially very dangerous considering that there are over 350 million Facebook users who could fall for this scam," McAfee says. "This is also the 6th most prevalent piece of malware targeting consumers in the last 24 hours, as tracked by McAfee Labs."
There are obvious clues that this is a phishing scam. For one, Facebook doesn't send emails like this. It may send an email with a link where the user can reset the password, but not an email with an attachment. Secondly, the email has poor grammar and awkward phrases. For instance, Facebook is not capitalized in the salutation. Read more.