Shocking video of a girl attacked by a shark? OMG - it's a colourful clickjack attack


Hot on the heels of other recent scams spreading virally across Facebook, we're now seeing another - this time posing as a link to an alleged shocking video of a girl being attacked by a shark.

Thousands of messages have been posted by Facebook users reading:

OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark

If you click on the link you are taken to a Facebook page which fools you into believing you are about to watch a video. All you need to do (they say) is click on the red button and the blue button.

OMG shocking video of a girl attacked by a shark

If you agree to click on the coloured buttons (and I have to wonder why you would) then you are actually being clickjacked - secretly liking and sharing the link with all of your Facebook friends. You're in good company at least - thousands of other Facebook users have done the same.

Link to shark video page posted on your Facebook page

And now that you're a fan of that page, they're free to send you updates and messages, and potentially spam you or send you malicious links. What's worse - you've endorsed the page and shared it with your online mates.

All because you wanted to watch a shocking video of a girl being attacked by a shark.

In just the time it's taken me to write this blog post, some 1000 more people have agreed to "like" this page. I wonder how they would feel if they realised they had been scammed into helping the bad guys spam out their link?

If you have Facebook friends who you believe are acting unsafely online, invite them to join the Sophos page on Facebook.

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.