Dad walks in on Daughter Facebook clickjacking attack helps scammers earn money

Filed Under: Clickjacking, Facebook, Social networks, Spam

Once again, scammers are running rings about Facebook's built-in security measures by spreading a clickjacking scam between users' accounts.

The latest attack poses as a link to a video of a dad walking in on his daughter.

Dad walks in on daughter.. embarrassing!

Dad walks in on Daughter.. EMBARRASSING!
[LINK]
This really must have been an awkward moment.

We've seen scams which use language like this before, of course, and sometimes they've been used to trick you into installing software onto your computer.

Interestingly, on this occasion, the image used in the messages is the same as that used in the recent "Baby born amazing effect" scam which has spread with similar ferocity in the last couple of weeks on the social network.

Clicking on this latest link takes users to a webpage, where it looks as though you need to press the "Play" icon to watch the video.

Dad walks in on daughter video

However, clicking the icon secretly tells Facebook that you "Like" the page (via the use of a clickjacking exploit), helping the scam to perpetuate.

Dad walks in on daughter survey

It will be no surprise at all to regular Naked Security readers that the scam is designed to drive traffic to online surveys - which earns commission for the scammers behind the attack.

When I tried it, the surveys claimed that I could receive a free iPad or MacBook or even a flat-screen television.

Dad walks in on daughter survey

If you've been hit by a scam like this, remove the messages and likes from your Facebook page - and warn your friends not to click on the offending links. Clearly there's much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.

, , , , ,

You might like

10 Responses to Dad walks in on Daughter Facebook clickjacking attack helps scammers earn money

  1. Yesterday, hundreds of people were searching my name on Google. Thousands were rushing from Facebook through my Blog !

    I was very curious...

    I found out this morning from the tracking link in analytics. The Scammer was using a shorten URL script from one of my webpages ! With the exact same method described here.

    I just want to let you know that I don't have anything to do with it.

    Endless Blessings,
    @Gilles_Vitu

  2. steve kearns · 1131 days ago

    To day I clicked on this Facebook video (dad walks in on daughter) and got THREAT DETECTED right away. I am not sure but I think the post needs to be deleted!

  3. elmware · 1129 days ago

    When will you people learn to just remove Windows and install Linux?

    • Damon · 1125 days ago

      Oh, so Linux browser can't run Facebook? Well, I guess that's ok, since Linux users don't have friends...living in their parents' basements and all. ;^)

      • Jeff⛄ · 504 days ago

        Linux (or at least Ubuntu) uses Firefox as the default browser.

        And Facebook works just fine on it (I have Ubuntu installed alongside my Windows OS).

    • Rexy · 1097 days ago

      *tour guide voice* "Ok, everyone! If you will stop for a moment and direct your attention to this comment, you will see a brilliant example of misplaced, unnecessary OS elitism."

      *pause for pictures and note-taking*

      "...And we're scrolling..........."

      • Tim K · 906 days ago

        Sounds like a Mac user. "Macs can't get viruses." Well, yes, and when used in a 'real' business setting with mixed equipment and OSes <sp?> WINS has to be used and Macs are more open to virus attacks than any other machines. And Linux is open to attacks as well. The unfortunate truth, no one cares to attack on a private basis because it's a small net to cast.

        "...And we're scrolling..........."
        LOLz

  4. Patricia Reilly · 1097 days ago

    I use Norton to protect my computer and me . It won't let me in to the video no matter how hard I try. I did take a little quiz which was suppose to tell me what kind of IQ I had but I never got an answer just more advertising. Maybe I don't have one!!!!!!!

  5. Roger Rabbit · 902 days ago

    Install "Web of Trust", It blocks you from opening a dangerous site and flashes a notification on your screen, telling you it has blocked it.

  6. Cirric · 490 days ago

    @R Rabbit. I use WOT and like it a lot but it does not BLOCK anything. It just warns you. You can still enter a site.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.