Have you received an email from Facebook about a password reset? If so, before you act on that mail, think twice about whether you actually requested a password reset, because a virus named Bredolab is currently spreading through fake Facebook password reset e-mails that appear to come from Facebook but do not.
These emails have a zip file attached that contains the virus.
This is what these fake Facebook password reset confirmation emails look like:
How to avoid the Facebook password reset scam:
Basically, there are two ways to keep yourself safe from these scams.
1: If you didn't request a password reset, then most probably that e-mail is not from Facebook, but you can't be 100% sure about this because there is a possibility that someone else who knows your Facebook sign-in email requested your password reset.
Fortunately, Facebook doesn't reset a password unless you confirm the password reset request by following the procedure in the confirmation mail. That means you can ignore that confirmation mail (even if you think it's from Facebook) and your password will remain unchanged.
2: If you did request a password reset, always keep one thing in mind: Facebook would never send you a reset password in a mail attachment. So if you get any email saying that your reset Facebook password is in the mail attachment, delete that mail straight away, because the attached file contains a virus (Bredolab) which will infect your PC once downloaded and executed.
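The rule in point 2 can also be applied automatically by a mail filter. The following is an added example, not code from the original post: it flags any mail whose subject claims a Facebook password reset and that carries an attachment, and lists the file names inside a zip without extracting them. The sample mail, addresses, file names and extension list are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as executable; an assumed list, not taken from the post.
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")

def inspect_reset_mail(raw):
    """Return findings for a mail that claims to be a Facebook password reset."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").lower()
    if "facebook" not in subject or "password" not in subject:
        return []  # not the kind of mail this check is about
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        # Any attachment at all on such a mail is the red flag from point 2.
        findings.append(f"attachment on a password mail: {name}")
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()  # reads names only, extracts nothing
        except zipfile.BadZipFile:
            findings.append(f"{name}: not a readable zip")
            continue
        for member in members:
            if member.lower().endswith(EXECUTABLE_EXT):
                findings.append(f"{name}: contains executable {member}")
    return findings

def build_sample(with_attachment):
    """Constructed sample mail; addresses and file names are made up."""
    msg = EmailMessage()
    msg["From"] = "Facebook <service@facebook.example>"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Facebook Password Reset Confirmation"
    msg.set_content("Your new password is in the attached document.")
    if with_attachment:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("Facebook_Password.exe", b"constructed placeholder bytes")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="Facebook_Password.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for line in inspect_reset_mail(build_sample(True)):
        print(line)
```
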
MX Lab (an email security firm) describes Bredolab as:
Bredolab is a trojan horse that downloads and executes files from the Internet, such as rogue anti-spyware. To bypass firewalls, it injects its own code into legitimate processes svchost.exe and explorer.exe. Bredolab contains anti-sandbox code (the trojan might quit itself when an external program investigates its actions).