What is FouTube? Viral Facebook clickjacking video scams explored

Filed Under: Clickjacking, Facebook, Social networks, Spam, Vulnerability

Have you found updates on your Facebook page, saying that you like videos on sites like FouTube, FbVideo and YoTube, and wondered what it's all about?

Exclusive Video: Charlie Sheen found Dead at his House!

If so, you've fallen for a clickjacking scam - and you could be helping put more money into the pockets of the very people who tricked you into falling for their confidence trick.

Viral scams are spreading rapidly across Facebook, tricking unsuspecting users into saying they "Like" a page, which helps the links spread far and wide.

The scams use a technique called clickjacking, often called "Likejacking" when it happens on Facebook. Typically you are presented with a realistic-looking video player, but clicking anywhere on the screen with your mouse actually triggers an invisible Facebook Like of the content.

EXCLUSIVE! Cheryl Cole Explicit Video Leaked by X-Boyfriend

We're continuing to see dozens of scams spreading virally across Facebook, tricking users into visiting fake video websites with names such as FouTube, FbVideo and YoTube on the pretext of seeing a sensational video.

You can protect yourself from clickjacking threats like this by using free browser plugins such as NoScript for Firefox.

Examples of the scam video names being used in the last 24 hours include:

  • From couple to Family in 39 Months
  • PHOTO! Girl accidentally sends dad SMS about her FIRST TIME
  • Exclusive Video: Charlie Sheen found Dead at his House!
  • EXCLUSIVE! Cheryl Cole Explicit Video Leaked by X-Boyfriend
  • Look What Happens When FATHER Catches DAUGHTER Making Sexy Webcam Video
  • This Girl Killed Herself Because Her Dad Posted This Video On Her Wall
  • Japanese Tsunami Launches Whale Into Building

But the scams actually trick you into taking an online survey - on the pretext of verifying that you are old enough to watch the video - which earns the scammers commission. In some cases they will also ask you for personal information

So-called security survey

Interestingly, some of the scammers are getting sloppy (or simply feeling bold) and are making little effort to hide the fact that they are creating dozens of different sites to try to entrap unsuspecting Facebook users, as you can see by the directory I was able to find online:

FouTube sites

I wouldn't recommend visiting any of these sites, by the way.

As you can see, the subject matter of most of these videos is pretty sensational. In the past, many of the attacks have used the names of celebrities like Emma Watson, Miley Cyrus and Justin Bieber - clearly realising that many young people are on Facebook and may be frothing at the very thought of seeing their idols in compromising positions.

But it's not just teen crushes that are the focus of the clickjacking scams. For instance, we have seen video footage of the Japanese tsunami used as a lure for those who want to follow the terrible news coming from the country right now.

How to clean-up after a likejacking attack
If you made the mistake of clicking on a link spread via a scam message like the ones listed above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small "x" which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any links that look like this. If you really want to watch a video chances are that it's available for free - without you having to complete any surveys - on legitimate video sites like YouTube.

Going forward, it's essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 60,000 people regularly share information on threats and discuss the latest security news.

We've also published some good best practices for better privacy and security on Facebook. Take care!

Hat-tip: Thanks to the many Naked Security readers who contacted us about these scams.

, , , , , , , ,

You might like

6 Responses to What is FouTube? Viral Facebook clickjacking video scams explored

  1. Nicholas Maniatis · 1328 days ago

    What is the "noscript" plugin for Chrome?

  2. Allen Snowdon · 1328 days ago

    ***Waging War against Facebook Scams*** (Part 1)
    These clickjack scams have gone too far and it's time we put a stop to them. Surely the mucky-mucks who run Facebook can come up with a filter that prevents these intrusions.
    Unfortunately there is no "Contact Us" button for us to voice our concerns, so here's what I've done:
    At the bottom of every FB page is a clickable link named "Advertising". Click on it and navigate to "Integrated Solutions". A form will come up for potential advertisers to leave a message.
    Fill in all the boxes with SOMETHING, otherwise it won't get sent.
    In the "Comments" box, vent your frustration. Something like:
    "I'm mad as hell at Facebook for allowing 'clickjackers' and other scams to appear on our pages. Surely you can devise a filter to clean this mess up. If not I will be discontinuing my Facebook page and finding another social networking site"
    Seriously, folks. If Facebook can't clean up their act I WILL pull my account and go elsewhere.
    Please share this post with others, perhaps we can collectively make a difference.

  3. fruitypoundcake · 1328 days ago

    So if you clicked on your friend's link on Facebook, bringing up the fake Youtube page, but then immediately closed that page, are you unaffected? I didn't click on any of the links on the Foutube site, I closed it immediately.

    • If you didn't click *anywhere* on the fake YouTube page, you should be okay.

      But the easiest way to tell may be to simply check your Facebook profile, to see if it has posted anything unusual or "Like"d a page that you didn't want to "Like"

  4. Nicole Theoret · 1326 days ago

    What I've been seeing these days, is a link to a video, it says that a friend of mine liked this video. So I click on it and get to a page with the video on which I click, but it doesn't do anything. I sometimes get a questionnaire which I promptly close.

    So I go back to my page and see that this site has added a link saying that I liked that video which is absolutely untrue. I then clicked on the X to delete this and all the Likes. Did I do okay this way. Can I have problems just the same??? I shouldn't click on weird video links, period...

  5. Rui S. · 1305 days ago

    Over the past year and a half i've repeatedly warn my FB contacts about ClickJacking and usually share with them articles about this issue but keep on seeing ppl clicking those links on FB.This is a useful and well written post and once again i've shared with them.

    However there is something you say that does not sound right to me:
    "You can protect yourself from clickjacking threats like this by using free browser plugins such as NoScript for Firefox"
    yes you can protect yourself from the likejacking using noScript but because FB (and other major websites) interaction relies a lot on the assumption that you have javacript enabled, you are also 'protected' from browsing the web in its full power :)

    Also i think it's important to mention that ( of course ... Like the rest of us if you don't use noscript ) the 'attacker' can also target the browser close button to trigger the like behaiviour.

    In case someone by accident visit one of those scam sites by accident i think the safest is to close the browser using whatever tool your OS gives you.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.