So now some criminals have figured out a very deceptive way to try and use Facebook to get your personal information.  The NakedSecurity blog reported on this unfortunately very clever ploy that can easily fool anyone  (May 21st, “Facebook account cancellation malware poses as Adobe Flash update”).

What’s the ploy?  You get an email that seems to be from Facebook asking you to confirm your account cancellation request.  You didn’t make that request so you might think there’s been some type of glitch.  You want to keep your Facebook account  which is precisely the reaction the criminals anticipate.  So they’ve “helpfully” included a link in their email — a link, the email says, that provides the steps so you void the cancellation request.

And this is where the criminals have gotten so slick.  The link actually looks real because it’s to a “facebook.com” website.  But it’s a 3rd party application that’s running on the Facebook platform.  If you click on the link, there are repeated messages asking for your permission to let an unknown Java application run on your computer.  If you hit that “run” button, then another message appears telling you to download a new, updated Adobe Flash version.

Don’t do it!  This isn’t an Adobe Flash update but malware that will take control of your computer and grab your personal information.

The bottom line is that malware disguises are getting harder to detect. We need to be even more careful when getting these seemingly valid emails from our online accounts.  The top tip experts provide is always go to the original home page to see if there are any legitimate software updates that are needed.