Italian Facebook likejacking targets more than 107,000 users and Facebook account confirmation scam returns

107,000+ likes on Facebook likejacking scam

The fact that most organizations have fewer staff around on weekends is not lost on Facebook scammers.

The quantity of successful Facebook attacks SophosLabs sees on weekends and holidays is far higher than on weekdays, and this weekend is no exception.

Italian Facebook users have been seeing a message on their friends' walls stating, "Scontri a Piazza del Popolo video amatoriale che riprende un ragazzo mentre tira dei San Pietrini al. . ." The link suggests you can view a video of clashes in the Piazza del Popolo.

Italian Facebook scam wall post

If you click on the link, the standard scam continues, suggesting a YouTube-like video player. When you click the video you are actually "Liking" the page. You then get a prompt asking you to share the link again on your profile to view the video.

If you choose not to share it you are gracefully redirected to a survey scam that signs you up for a paid SMS subscription on your mobile phone.

Facebook Italian likejack

Close on the heels of this attack, we were alerted to the return of the "Confirm your account" scam. According to the attackers, Facebook is over capacity and you must confirm your activity so your account won't be deleted.

If you approve the bogus application it posts the following to your wall: "This is the last day you can confirm your account. Tomorrow your account will be permanently deleted."

Confirm your activity Facebook scam application

The unique thing about this scam is that it anticipates that you may have disabled JavaScript in your browser, or are using the NoScript plugin for Firefox. It provides instructions on how to reenable JavaScript as well as how to permit the scripts to run using NoScript.

Scam explaining how to reenable JavaScript

Facebook can only do so much to prevent scams from attacking their service. Users must be smart and learn how to sniff out a scam and avoid it. With over 500 million users, though, Facebook will continue to be a major target for scam purveyors seeking victims.

If you're a Facebook user, consider following us on Facebook to stay on top of the latest attacks. For our advice on the current best practices for securing your privacy on Facebook, read our Facebook best practices.

7 Responses to Italian Facebook likejacking targets more than 107,000 users and Facebook account confirmation scam returns

  1. Susie Mermaid · 1314 days ago

    So when you see the "FB is over capacity" what's the best mode of attack for us? Ignore? Log out? Don't log out? Change password?

  2. Cass · 1314 days ago

    If you are going to use a term such as "like-jacking" at least put in the hyphen so that it makes a modicum of sense when first reading it. The hyphen lets people know that you have stuck two words together to make a new word and that you didn't just forget to put in a space.

    Ok, now that I'm done with my grammar-bitching, I think it is sad that people have to constantly attack people like this. I understand that it is easy to be a victim of this kind of attack as many of my friends have been but at the same time I just can't believe that people are so ignorant. I suppose I will feel this way until someone manages to trick me with one of these scams.

    The "confirm your account" stuff is the most hard to believe that people still fall for. After all of this time you would think that people would know better.

  3. Guido Blokland · 1313 days ago

    Would you believe there are actually people who have tried to make a living out of completing scam surveys?

  4. bvnni · 1313 days ago

    They used to execute people in that square. Interesting significance for Rome too when you factor in the video aspect. Are Italian Facebook scammers romantic historians? :P

  5. sumbuddy1 · 1309 days ago

    My question is: when you click on a video and it doesn't ask for any further info or give you any popups or anything, but then the video shows up on your Facebook wall saying you "like" it (when you didn't click like - I guess that is called Clickjacking) - what is the scammer actually getting out of it? Aside from a bunch of "likes" for a bogus page.

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.