Cheryl Cole clickjacking on Facebook, posing as a BBC news report

by Graham Cluley on December 13, 2010 | 3 Comments

Filed Under: Clickjacking, Facebook, Social networks, Spam

Cheryl ColeGirls Aloud pop star Cheryl Cole, famous in the UK for her role as a judge on top TV show "The X Factor" which had its grand final last night, is being exploited by scammers on Facebook.

Scammers are using a clickjacking technique to trick users into "liking" a webpage without their knowledge, believing it to be a BBC News report about paparazzi photographs that have exposed the popular celebrity.

Using the familiar banner of the BBC News website, the story beneath is not exactly the err.. content you would normally associate with the British Broadcasting Corporation. Instead it shows a typically tabloid pararazzi photograph of Cheryl Cole getting out of a car while wearing a short skirt.

Cheryl Cole likejacking page

Hardly the most convincing replica of the BBC website I've ever seen, but if you are tempted to click on the page uses a clickjacking technique to invisibly "like" the webpage, sharing it with all of your Facebook friends and buddies.

Cheryl Cole likejacking message

BBC News: Cheryl Cole Exposed Paparazzi Photos !

You won't realise, however, that your Facebook page has been updated unless you specifically look at your feed.

Instead, chances are that some fans of Cheryl Cole will venture further, seeing another page which looks distinctly unlike those normally produced by the BBC - and ultimately a picture that is often printed in the more lowbrow British newspapers.

Cheryl Cole uncensored

So, what's all the purpose of all this? Well, it appears that once again scammers are abusing Facebook users to drive traffic to online surveys - designed to earn them commission for every survey completed.

It's really time that something more serious was done about spam like this, which has been exploiting Facebook users for far too long.

If you have been hit by a scam like this, delete the messages from your newsfeed and remove the "like"s from your profile.

If you want to get earlier warning about security threats on the social network and elsewhere on the internet, you could do a lot worse than join the Sophos Facebook page.

Tags: , , , , ,

3 Responses to Cheryl Cole clickjacking on Facebook, posing as a BBC news report

  1. Guest says:
    December 13, 2010 at 1:44 pm

    What I like, is the watermark on the Uncensored image, like the BBC can't afford to purchase a stock image.

    Reply Report comment
  2. Alex says:
    December 14, 2010 at 2:44 am

    What's the URL for this scam?

    Thanks a lot for warning everybody! :)

    Reply Report comment

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <strike> <strong>

About the author

Graham Cluley has worked in the computer security industry for more than 20 years, developing anti-virus software and doing quite a lot of talking about internet threats. He's won awards for his blogging, but is proudest of the text adventure games he wrote when he was still wearing short trousers. You can learn more about those (the games, not the trousers) at grahamcluley.com. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.