6 year old's Happy Meal from McDonalds leads to Facebook clickjacking scam

Filed Under: Clickjacking, Facebook, Social networks, Spam

If you imagined that the legal action that Facebook is taking against alleged survey scammers would scare other spammers off the social network, then think again.

Over the weekend a number of scams have been spreading virally, using clickjacking techniques to fool Facebook users into "liking" and "sharing" links with their online friends without realising it.

Viral like messages

A typical message reads:

OMG... Look What This 6 YEAR OLD found in Her HAPPY MEAL from McDonalds! on CLICK HERE TO SEE.

If you do make the mistake on clicking on the link you will be taken to a webpage which pretends to be hosted on Facebook, but in fact is designed to
trick you into unknowingly sharing the links with your online acquaintances, and spreading the messages further.

Happy Meal horror scam Facebook page

If you click on what appears to be the "Play" button on the video, you are really being clickjacked. You may believe you are just asking the video to play, but in fact your mouse clicks are invisibly confirming that you "Like" the "Look What This 6 YEAR OLD found in Her HAPPY MEAL from McDonalds!" page, and sharing it with your friends via your newsfeed.

Similar virally-spreading messages are pointing to similar pages claiming that you will never send another text message once you watch a video.

I Will NEVER TEXT Again After Seeing THIS!!

We've seen other scams use this particular lure in the past.

Clearly, you probably don't want to spread these messages to your friends. Firstly, remove any status updates pertaining to them from your newsfeed.

Then, if you still find that you're "liking" the pages you should enter "Edit my profile" on Facebook, click on "Likes and interests" and "Show other pages".

Liked pages which can be removed

You may well find that the mischievous pages are listed there, and they can be easily removed.

You should always be wary of suspicious out-of-character posts made by your Facebook friends. If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

, , , ,

You might like

2 Responses to 6 year old's Happy Meal from McDonalds leads to Facebook clickjacking scam

  1. i cant believe how quickly these scams are spreading facebook is doing nothing to stop this there are just to meny!!

  2. Mitchell Indelicato · 650 days ago

    I want to know what the "return value" is. These scams usually don't have the vdeo they claim because it doesn't exist. So what makes people repeat-victims? Or is the internet just that gulible?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.