Jenna-Louise Coleman has been unveiled as the new "Doctor Who" companion, joining the BBC TV time traveller in his TARDIS later this year.
"Doctor Who" is one of Britain's biggest television shows, and is popular elsewhere around the world, so it was no surprise to find 25-year-old actress Jenna Louise-Coleman's name was a trending topic on Twitter today.
Unfortunately, there are frequently mischief-makers, scammers and cybercriminals waiting to exploit a popular search term or hashtag.
For instance, see these messages mentioning Jenna-Louise Coleman and referring to sex videos:
Human nature being what it is, you probably wouldn't be that surprised if some sci-fi fans clicked on the links out of err.. curiousity.
However, the webpage you are taken to doesn't have any content (pornographic or otherwise) related to the Time Lord's latest sidekick. Instead, you'll find what appears to be a portal for an Asian hardcore porn video website.
Clicking on the video thumbnails is definitely ill-advised. When I examined the page, I found that each of the videos were masking a secret Twitter follow button.
Unsuspecting site visitors are being tricked through a clickjacking exploit into unwittingly following a Twitter account.
Browser plugins such as NoScript can help protect against clickjacking, and warn you about the true intentions of webpages such as this.
Of course, the scammers could just have easily transported you to a webpage containing malware, a survey scam or a rogue application. The point is that you should always be cautious about the links which you click on.
Of course, it's Jenna-Louise Coleman today and will be someone else tomorrow. Twitter spammers are simply grabbing the latest trending topics and shoving them in their tweets in the hope that users will stumble across them and fall into their trap.
If only we could dematerialise the bad guys to Metebelis III or throw them into a chronic hysteresis and never be troubled with them ever again..
Follow @gcluley
![Password security infomerical leaves Ellen DeGeneres in disbelief.. and it will you too [VIDEO]](http://sophosnews.files.wordpress.com/2013/04/ellen-thumb.jpg?w=75&h=75&crop=1)
![Can multiple moving cursors really hide your password from spyware and peepers? [VIDEO]](http://sophosnews.files.wordpress.com/2013/03/cursors-thumb.jpg?w=75&h=75&crop=1)
Let us know when there's some actual J-L-C content pls?
It would be interesting to interview the people who come up with this sort of thing. It was interesting when Savetrees / Spamford (remember him!?) "gave up" and was interviewed. Even going undercover in a spam / scammer's organisation would be educational. I'd like to know how the whole business works.
It'd be an interesting human interest story, and would educate the public, both to be aware of scams in general, and also into the line of thinking these "people" follow. Would be nice to get the media involved.
Anything Sophos could do along this line?
Why do people do this sort of thing? "Because they can" doesn't explain it any more. They could be doing so much good stuff, but they are wasting their time doing this rubbish.
What do the spammers get by likejacking users into following them?
What do they get? An audience that they can spam via Twitter.
So we have established a link between Doctor Who and click-jacking.
I suspect the Daleks are behind this, following links like that is how Davros went blind.
I wonder what the criminals get by forcing victims into liking them.
Also, everybody on the Internet should know by now that all "free" porn will give them headaches. It will either install malware, lead to a phishing site, like jack your account, or lead to a survey scam.
The headaches thing is a myth. It doesn't make you go blind either.
Cybercriminals, Dr Who!
One of the hazards of a Twitter-based attack is that you don't know what the ultimate payload is, so you have to assume at any random point you will be invited to download malware (or a cybermat). You mention NoScript, which is being constantly improved with a sensible balance between blocking exploits and blocking legit functions. However, this very blog post includes third-party scripts on wordpress.com -- should I trust those?
Not a nice welcome to the talented J-L C taking over what is (of course) the joint most important leading role on telly. However, one consolation is that the name has probably been appended without any human intervention.
It's pixelated, so it must be asian porn...