Lost all respect for Emma Watson? Facebook clickjacking attack spreads virally

Filed Under: Celebrities, Clickjacking, Facebook, Nude Celebrities, Social networks, Spam

Emma Watson, the actress who plays the part of Hermione Granger in the Harry Potter movies, has found herself the subject of a clickjacking scam on Facebook.

Users of the social network have seen messages posted by their online friends claiming to have lost all respect for Emma Watson, after watching a video starring the young actress.

Emma Watson message on Facebook

I lost all respect for Emma Watson when I seen this video! Outrageous!

Other versions may read:

i lost all respect for emma watson when i saw this video! outrageous!

If you're curious enough to click on the link, your browser will be taken to a webpage which pretends to be a YouTube-style video site called FbVideo.

Emma Watson clickjacking page

If you've got this far, you'll probably be tempted to click to view the video. However, like the many clickjacking attacks we saw on Facebook last year, you will be invisibly clicking on a "Like" button without your knowledge, sharing the link further with your friends.

The page is designed to display a survey scam, which both earns money for the scammers and can trick you into handing over your mobile phone number to sign you up for a premium rate SMS service.

You can protect yourself from clickjacking threats like this by using browser plugins such as NoScript for Firefox.

But wouldn't it be great if Facebook required users to confirm that they wished to "Like" a webpage? That would make scams like have a harder time spreading virally via the social network.

By the way, other versions of the scam are using the names of Miley Cyrus.

Miley Cyrus Facebook message

If you find you have accidentally "Liked" an offending webpage, remove references to it from your wall and check your profile settings.

As Chet pointed out with a similarly-themed Justin Bieber clickjacking scam on Facebook, it can also make sense to logout from Facebook when you are not actively using it to reduce the chances of you being tricked into "Liking" things you don't really like.

If you're a Facebook user and want to keep up on the latest threats and security news why don't you join the Sophos Facebook page?

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

, , , , , ,

You might like

5 Responses to Lost all respect for Emma Watson? Facebook clickjacking attack spreads virally

  1. guest · 1246 days ago

    I also avoid accidentally liking things by browsing facebook in one browser (say chrome), and the rest of the web - any non-facebook page even if I start there in FB - in another browser (firefox).

  2. Bernie Mallon · 1246 days ago

    Can't believe I got taken in by one of these. It didn't have the markings of most of these scams and I didn't click like so I wasn't worried. I found it on my page a minute later saying I 'liked' it. The funny part was, you posted this about a minute after that! Hopefully I got it off my page now. Of course I shared your post with all my friends.

  3. Ross · 1246 days ago

    I got hit by both the Bieber scam and some hot lookin' Italian babe with big boobs several times over this past weekend. Took me quite a while to clean it up!

  4. mememe · 1244 days ago

    doesn't seem to affect linux systems. I clicked on one or two when they first started showing up, and no fake "likes" on my profile...running firefox in ubuntu.

  5. Goomba · 1240 days ago

    I'll respect her when she does playboy.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.