The Twilight Breaking Dawn Facebook scam

Filed Under: Clickjacking, Facebook, Rogue applications, Social networks, Spam

Facebook users are finding themselves tagged in their online friends' photo albums, in an attack seemingly targeted at fans of the "Twilight" teen vampire romance movies.

Following an attack against photo albums that used an image of a Playboy-style bunny girl, scammers are now pretending to link to a game promoting the upcoming movie "Twilight Breaking Dawn", which stars heartthrobs Robert Pattinson and Kristen Stewart as the star-crossed lovers Edward Cullen and Bella Swan.

As well as Facebook photo albums, users are also being tricked into "Liking" the scam links.

Twilight Breaking Dawn message

Play Twilight: Breaking Dawn
Be the first of your friends to play the awesome new Twilight game on Facebook!

If you click on such a link then you will be taken to a Facebook page which, to all intents and purposes, appears to be promoting an online game being used to market Twilight Breaking Dawn.

Twilight Breaking Dawn on Facebook

But if you click on the button marked "Play Now" then you will be clickjacked into saying you "Like" the link, thus spreading the link virally to your Facebook friends.

If you're running protection against clickjacking, such as the Firefox add-on NoScript, then you will be warned - but most people are probably unaware that the page has secretly claimed that they like the game, even though no game has yet been played!
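The "Play Now" trick works because the page with the real "Like" control can be loaded inside an invisible frame on the scammer's page. As an added illustration that is not part of the original article, the check below lets a site operator confirm from its own response headers whether a page carrying such a control can be framed by another origin; the header values are constructed samples, and the source-list matching is simplified to exact origins (wildcard hosts are treated as no-match).

```javascript
// Added example, not code from the original article or from Facebook/NoScript.
// Decide whether a page served with `headers` may be framed by `embedderOrigin`.
// Returns true when framing is allowed, i.e. the page is exposed to clickjacking.
function framingAllowed(headers, embedderOrigin, pageOrigin) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = v;

  // A CSP frame-ancestors directive takes precedence over X-Frame-Options
  // when both are present, so check it first.
  const csp = lower["content-security-policy"];
  if (csp) {
    const directive = csp.split(";").map(s => s.trim())
      .find(s => s.startsWith("frame-ancestors"));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1)
        .map(s => s.replace(/^'|'$/g, ""));
      if (sources.includes("none")) return false;
      if (sources.includes("*")) return true;
      if (sources.includes("self") && embedderOrigin === pageOrigin) return true;
      // Simplification (assumption): only exact-origin entries are matched.
      return sources.some(src => src === embedderOrigin);
    }
  }

  const xfo = (lower["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return embedderOrigin === pageOrigin;
  // No anti-framing header at all: any site can overlay this page.
  return true;
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  unprotected: { "Content-Type": "text/html" },
  xfoDeny:     { "X-Frame-Options": "DENY" },
  cspSelf:     { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'" },
  cspList:     { "Content-Security-Policy": "frame-ancestors https://partner.example" },
};

// Report each sample from the point of view of a hostile embedder.
function exposedSamples(evilOrigin, pageOrigin) {
  return Object.keys(SAMPLES)
    .filter(name => framingAllowed(SAMPLES[name], evilOrigin, pageOrigin));
}
```

Run with `exposedSamples("https://evil.example", "https://widget.example")` to list which header sets would still let a third-party page overlay the control.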

NoScript warning of clickjacking

The scam doesn't end there, however, as that would simply spread the link without earning any money for the ne'er-do-wells behind it.

Users are then presented with a dialog, asking them to grant permission for a third party application to access their Facebook account, and post messages, updates and photos to their wall.

Rogue app requests permission

Of course, if you're a fan of "Twilight" you will quite possibly grant permission without thinking. The only problem is that this isn't a legitimate application request; it is being made by a rogue app that wants to make money out of your devotion to Stephenie Meyer's series of novels.

Predictably, now that they have the ability to post to your Facebook account, the scammers present the final piece of the jigsaw: an online survey which earns them affiliate commission for each person who completes the questionnaire.

Survey scam

You will note that the survey deliberately presents itself in a convincing Facebook style, which may trick some users into believing that it is legitimate.

It seems that fans of Twilight are only too easy pickings for Facebook scammers, judging by the large number of reports from affected Facebook users we are seeing today.

If you've been affected by this scam, you should clean up your account before any further damage is done.

I've made a YouTube video where I show you how to clean up your Facebook account if you were hit by this, or similar scams on Facebook:

(Enjoy this video? You can check out more on the SophosLabs YouTube channel and subscribe if you like)

Make sure that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 70,000 people regularly share information on threats and discuss the latest security news.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Hat tip: Thanks to Naked Security reader Drew who was the first (of many!) to tell us about this scam.


3 Responses to The Twilight Breaking Dawn Facebook scam

  1. mugab · 1198 days ago

    "Be the first of your friends to play the..."
    Well, I'm not the first if my friends have already liked it, am I?

    • I tried sharing the article on Facebook and it's already been considered abusive, seriously wtf Facebook.

      • We've contacted Facebook Security about this - and asked them to investigate.

        In the meantime, try using the "Share via Facebook" button at the bottom of the article - or simply cutting and pasting the URL.

        Thanks!


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.