Be careful about opening emails that claim you have been tagged in a Facebook photo, because they may actually be malware, according to a security expert.

Sophos's NakedSecurity blog outlined the threat on Wednesday. The company's SophosLabs intercepted a "spammed-out email campaign" which was designed to spread malware. Sophos provided the following example:





The blog notes that the email address above misspells "Facebook" as "Faceboook." The link takes the user to a malicious iFrame script, which exposes the user's computer to malware. However, within four seconds, the user's browser is directed to a presumably innocent Facebook page like the one below to act as a smokescreen.





The lab recommends checking the "Facebook" address closely in such emails and hovering your mouse over the link, at which point you should see that it doesn't go to a Facebook page.
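The two checks the lab recommends, reading the sender address closely and seeing where the link really goes, can also be run automatically over a message. The following Python is an added example, not code from Sophos or from the original article; the sample message, the `faceboook.example` and `photos.invalid` hosts and the two-edit threshold are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = "facebook.com"  # domain the message claims to come from

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trusted(host):
    host = host.lower().rstrip(".")
    return host == TRUSTED or host.endswith("." + TRUSTED)

def is_lookalike(host):  # a label within two edits of the brand, on a foreign host
    brand = TRUSTED.split(".")[0]
    return not is_trusted(host) and any(
        edit_distance(label, brand) <= 2 for label in host.lower().split("."))

class LinkCollector(HTMLParser):  # gathers every <a href="..."> target
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def check_message(raw):
    msg, findings = email.message_from_string(raw), []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if not is_trusted(sender):
        kind = "lookalike-sender" if is_lookalike(sender) else "untrusted-sender"
        findings.append((kind, sender))
    links = LinkCollector()
    links.feed(msg.get_payload())  # assumes a single-part HTML body
    for host in (urlsplit(h).hostname or "" for h in links.hrefs):
        if not is_trusted(host):
            findings.append(("off-site-link", host))
    return findings

# Constructed sample; the address and link are placeholders, not from the campaign.
SAMPLE = ("From: Facebook <notification@faceboook.example>\n"
          "Subject: You were tagged in a photo\nContent-Type: text/html\n\n"
          '<p><a href="http://photos.invalid/view">See photo</a></p>\n')
```

Calling `check_message(SAMPLE)` reports the misspelled sender and the link that leaves Facebook; a message whose sender and links are all on `facebook.com` yields an empty list.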

Have you been duped by a fake Facebook photo tag message? Let us know in the comments.

Image courtesy of iStockphoto, PashaIgnatov