Lady Gaga found dead in hotel room? Beware Facebook clickjacking scam

Filed Under: Celebrities, Clickjacking, Facebook, Social networks, Spam, Vulnerability

Has Lady Gaga really been found dead in a hotel room? A scam which has spread rapidly across Facebook would certainly like you to think so.

Heres's an example of a message that is being seen spreading virally on Facebook, posing as a link to a BBC TV News report.

Lady Gaga found dead in hotel room

BREAKING: Lady Gaga Found Dead in Hotel Room
This is the most awful day in US history

Wow. I mean, yes, it would be tragic if Lady Gaga were to die, but.. seriously.. "the most awful day in US history"?

Anyway, if you are tricked into clicking on the link you are taken ultimately (via a website which sloppily allows an open redirect) to a webpage that pretends to contain a BBC News video report:

Fake BBC website

Watch out, though, if you try to play the video as this is a clickjacking scam which attempts to silently say you "Like" the page when you click with your mouse.

Users who have installed a browser add-on such a NoScript for Firefox will see a message warning them of the peril of being clickjacked.

Clickjacking intercepted by NoScript

If you've been hit by a scam like this, remove the messages and likes from your Facebook page - and warn your friends not to click on the offending links. Clearly there's much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.

If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 150,000 people regularly discuss the latest attacks.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.

Update: A very similar scam has spread across Facebook claiming that Lil Wayne, rather than Lady Gaga, has died. Messages in that campaign include:

BBC News: 2 Rappers Died, L1L Wayne Near Death in Car Crash [VIDE0]

and

BREAKING: Lil Wayne Nearly Dies In FATAL Car Crash! [VIDE0]

, , , , , , , ,

You might like

8 Responses to Lady Gaga found dead in hotel room? Beware Facebook clickjacking scam

  1. bmillz · 986 days ago

    Phew !! I cried for a second ...

  2. At first I thought that wait a minute, didn't she died and the media reported it? Had the media been duped again? Then I remember its Amy Winehouse not Gaga that died!

    I must remember my celebrities!

  3. Robert Gracie · 952 days ago

    Its simple to spot a click jack like this because BBC uses the iPlayer system and the video in that web page isnt iPlayer therefore Clickjacking/spam/scam easy to spot

  4. ohnohelp · 942 days ago

    if you click it what would happen???

  5. Troll · 942 days ago

    Easy to spot for geeks like you,lots of "normal" people use Facebook these days too.

  6. Precious · 931 days ago

    Pple should confirm any news before spreadin

  7. bikeamtn · 920 days ago

    F.Y.I.
    Before you 'click' that link: if you 'mouse-over' the link in question, you should see the actual link URL appear at the bottom (lower-left for Internet Explorer) browser bar and it should match the identity of the link you think you will be clicking on. Or, right-click on the link and select 'Properties' then look at the 'Address:' (URL) listed, does it match the identity of the link you think you will be clicking on.

  8. Anonymous · 68 days ago

    Gaga found died in hotel, this was posted in 2011. now is 2014 and gaga's going to tour all over the world

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.