Revenge on an ex-girlfriend or a Facebook clickjacking attack?

by Graham Cluley on September 20, 2010 | 1 Comment

Filed Under: Social networks, Spam

Another status update was spreading virally earlier today, exploiting a clickjacking attack that we have seen Facebook scammers use in the past.

Messages were appearing on users' Facebook accounts saying:

OMG This GUY Went a Little To Far WITH His Revenge On His EX Girlfriend

OMG This GUY Went a Little To Far WITH His Revenge On His EX Girlfriend

Clicking on the link would take your web browser to a page which asked you to click on a red and then a blue box to "confirm" that you are human.

Colourful clickjacking attack

We've seen this trick a number of times before, of course.

It's what I call a colourful clickjacking attack. You think you're just clicking with your mouse on a red and blue box, but in fact you're unknowingly liking and sharing the link with all of your Facebook friends.

If thousands of Facebook users like a page, as they did in this incident, then there's the potential for cybercriminals to send spam to them or distribute a malicious link en masse to their newly-groomed fans.

But let's continue with our journey through the scam.

Hello! Click here to continue

A hop and a click later, and you finally see what purports to be a letter from a man to his ex-girlfriend..

Revenge letter to an ex-girlfriend

Thousands of Facebook users fell for this, the latest in a long line of scams spreading virally across the network. By the looks of things, Facebook has shut this attack down - but no doubt there will be more on their way.

If you were hit, make sure that you have checked your Facebook profile to remove references to the page and ensure that you only have pages that you *really* like listed under your "like"s.

Of course, none of these attacks would spread if people were more suspicious of unusual posts made by their Facebook friends, and kept themselves informed of the latest tactics used by scammers and cybercriminals. If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

Tags: , , ,

One Response to Revenge on an ex-girlfriend or a Facebook clickjacking attack?

  1. Will O'Keefe says:
    September 26, 2011 at 2:29 am

    I not only did not post these or any other Video's, I've provided informattion on my personal PC which Microsoft, Google and not Apple stepped into the game, bought a friends 1 year old IPhone and yes, i backed it up on my PC and did not delete it when I determined that the IPhone and I did not get along and it broke in "PERFECT ORIGINAL CONDITION" stated the Apple Store.

    I wouldn't wish this on MOST people...have no choice....If I had know earlier I could have started the clean up sooner. Several bad words implied here!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <pre> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

About the author

Graham Cluley is senior technology consultant at Sophos. The readers of Computer Weekly voted him security blogger of the year in 2009 and 2010, and he pipped Stephen Fry to the title of "Twitter user of the year" too. Which was nice. He was also named "Best Security Blogger" by the readers of SC Magazine in 2011. You can subscribe to Graham's updates on Facebook, follow him on Twitter and circle him on Google Plus for regular updates.