Malware spreading as Facebook photo tag notification
Facebook users, be warned. Think twice before clicking on the links in an email claiming to be from Facebook and saying you've been tagged in a photo.
Security vendor Sophos advised Facebook users to check the spelling in the email, where a misspelled word is a key giveaway.
"If you click on the link in the email, you are not taken immediately to the real Facebook website. Instead, your browser is taken to a website hosting some malicious iFrame script (which takes advantage of the Blackhole exploit kit, and puts your computer at risk of infection by malware)," it said in a blog post.
Sophos suggested that Facebook users look closely at the "From" field of the email – the Facebook in the email address is spelled with an extra "o."
The "From" field has the entry "Facebook <notification@faceboook.com>," it noted.
"Did you notice what was odd about the email? The 'from' address misspells Facebook as 'Faceboook' with three 'o's," it said.
"Even if you didn't notice that 'Faceboook' was spelt incorrectly, you could have seen by hovering your mouse over the link that it wasn't going to take you directly to the genuine Facebook website," it added.
On the other hand, Facebook said users must act quickly, saying their browsers may be taken via a META redirect to the Facebook page of a presumably entirely innocent individual in four seconds' time.
Sophos said it is adding detection of the malware as Troj/JSRedir-HW.
It added that SophosLabs is still investigating this attack. — LBG, GMA News
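The two checks Sophos describes (a misspelled sender domain and a link that does not lead to the genuine site) can be automated in a mail filter. The sketch below is an added example, not code from Sophos or Facebook; the `PROTECTED` list, the edit-distance threshold, the last-two-labels domain shortcut and the sample link host are all assumptions made for illustration.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

PROTECTED = ("facebook.com",)  # assumption: brand domains this filter guards

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_genuine(host, brand):
    return host == brand or host.endswith("." + brand)

def lookalike_of(host, max_dist=2):  # protected domain `host` imitates, or None
    host = host.lower().rstrip(".")
    base = ".".join(host.split(".")[-2:])  # simplification: no public-suffix list
    for brand in PROTECTED:
        if not is_genuine(host, brand) and edit_distance(base, brand) <= max_dist:
            return brand
    return None

class LinkHosts(HTMLParser):  # collects the host of every <a href> in an HTML body
    hosts = ()
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts += ((urlsplit(href).hostname or "").lower(),)

def check_message(from_header, html_body):
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    brand = lookalike_of(domain)
    findings = [f"sender domain {domain} imitates {brand}"] if brand else []
    # A display name that contains the brand means every link should stay on it.
    claimed = [b for b in PROTECTED if b.split(".")[0] in display.lower()]
    links = LinkHosts()
    links.feed(html_body)
    findings += [f"link to {h} in mail claiming to be {b}"
                 for h in links.hosts for b in claimed if not is_genuine(h, b)]
    return findings

SAMPLE_FROM = "Facebook <notification@faceboook.com>"  # sender quoted in the article
SAMPLE_BODY = '<a href="http://photos.example.test/view">See the photo</a>'  # constructed
print(check_message(SAMPLE_FROM, SAMPLE_BODY))
```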