Guy who took a picture of his face for 8 years FouTube Facebook scam

Filed Under: Clickjacking, Facebook, Social networks, Spam

Guy who actually did take a photo every day for 8 yearsFacebook scammers have been at this game for a while now. They take an interesting YouTube clip that is gaining notoriety and try to cash in on the popularity by spamming it out on Facebook before most people have heard of it.

In the past we have seen it with the "I can't believe a GIRL did this because of Justin Bieber" and "Anaconda coughs up a hippo?" Facebook likejacking attacks based on popular YouTube videos.

This Facebook scam sends out messages on victims walls with the title "This Guy Took A Picture Of His Face Every Day For 8 Years" and includes a link to a scammer domain.

Facebook Wall post about guy who took his picture for 8 years

When you click the link you are lead to a FouTube page that is a near identical replica of the real YouTube site with a fake video player dominating the page.

FouTube likejacking page

Of course when you go to click the video it is actually just an image. The image links to some obfuscated JavaScript that displays a popup claiming it needs to verify your age.

Age Verification likejackWhat is actually happening is that you are clicking an invisible "Like" button hidden underneath the link you think you are clicking. This will post the message to your wall to continue the viral spread of the message to your friends.

Funny enough, there really is a video on YouTube of a man who actually took a photo of himself every day for eight years and it's pretty cool. YouTube has removed the video for violations of their Terms of Service. I don't know why, but consider it best practice to avoid links to this topic.

What is new about this attack is that they have managed to likejack you and lead you to a survey which will enroll you in a program to charge you for an SMS several times a week all in one click.

Stay vigilant, and if you are a Facebook user consider following us on Facebook. You can also learn about our recommended settings for your Facebook profile.

, , , ,

You might like

14 Responses to Guy who took a picture of his face for 8 years FouTube Facebook scam

  1. Shane Fontenot · 1329 days ago

    Another scam I saw going around was a Free Walmart month of groceries with a link to
    walmart.com-offer.tk. When I click on the link it brings you to http://com-offer.tk/ which has a button to connect to facebook. You guys should investigate that one. Thanks for keeping up with these scams for us. I'm dong my best to pass along the info to all my friends and family but they just fall for all of the scams.

  2. Maya · 1329 days ago

    So what advice would you recommend for those who did click as I've seen this come up several times on my newsfeed just tonight?

    • Sarah Lee · 1329 days ago

      click and go to your profile...NOT your news feed but your actual profile feed, then on there hover your mouse over the story and you'll see an X click on that and click on the unlike option...it's really confusing I kept trying to do it from my news feed, but it only worked if I did it from my profile.

      • David · 1327 days ago

        Removing it from the profile will actually only hide the post from the news feed. Here's what you need to do if you want to get rid of this for good:
        Go to your profile
        >>click info >> there on *Activities and interests* click >>Edit
        >>there click *Show other Pages* [a window will appear] scroll until you find the scam page and click on *Remove Page* next to it.

        Hope It helped. ;)

  3. CyberCop · 1329 days ago

    When presented with the "Verification" window that also contained the iPad offer link, you cannot abort your browser. The only way I was able to do it was to go out to the Windows Task Manager via CTRL-ALT-DELETE and kill my browser process.

    I wish Facebook would provide me with an option to block these stories from appearing on my wall in the first place.

  4. Sherry Thomas · 1328 days ago

    I actually fell for this one because it was trickier than usual. I never clicked "like" but it posted to my wall anyway. I feel bad because my friends who trust my judgement clicked on it since it had posted to my wall.

  5. pamelajaye · 1328 days ago

    that video on the real youtube is also gone

    • Chester Wisniewski · 1328 days ago

      I see that. I will update the post. I wonder how it violated YouTube's ToS? Oh well. Thanks for the comment.

      • AJL · 1328 days ago

        The video you linked to in the story is not the original - that was posted by C71123, who is aware of the likejacking thing on FB and I'm guessing has been reporting the reposts on YouTube as violations for copying his video w/o his permission.

  6. When is facebook actually going to do something about this?! This is a huge flaw in facebook's security if it means that any site you visit can post things to your facebook status without your permission. I ended up posting this video and leaving it up overnight before I realized it was on my profile. Hello, this is a real issue facebook!

  7. what do you do if you click it and you see its on your news feed that you liked it?

  8. bbbbwebproductions · 1327 days ago

    http://www.youtube.com/watch?v=Vc_PU3D3QNE is the link for the actual video. AJL is right

  9. nikki · 1325 days ago

    What no one is really asking here is about the who survey that enrolls you and charges you for SMS. How do you know if you were enrolled? I never got to a survey. In fact, the foutube page didn't give me pop-ups...maybe firefox blocked them? How do you know when you've eradicated this thing?

    • If you're unsure whether you've been affected or not, check your Facebook profile to see if it is "Like"-ing pages that you didn't mean to Like, and make sure there aren't any unexpected posts on your wall.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.