Security firm Sophos has discovered a new cyber campaign targeting Facebook users with fake photo tag notification messages.
The new campaign reportedly targets Facebook users with a phishing email containing a malicious link masquerading as a Facebook photo alert.
"If you click on the link in the email, you are not taken immediately to the real Facebook website," wrote Sophos researcher Graham Cluley.
"Instead, your browser is taken to a website hosting some malicious iFrame script, which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware."
Cluely said the scam is fairly easy to spot, with the malicious hyperlink linking to "Faceboook" rather than Facebook.
Despite being a fairly basic scam, experts have taken the link to the Blackhole exploit kit as being troublesome.
Blackhole is one of the numerous toolkits used by criminals to mount automated cyber attacks.
The kits are available in numerous shady online forums, with some available for as little as $5,000, and can help would-be attackers lacking any computer skills launch malware attacks.
Previously, F-Secure security chief Mikko Hypponen highlighted exploit kits such as Blackhole as one of the key threats facing businesses.