Facebook users are once again suffering from an onslaught of clickjacking survey scams, designed to fool them into unwittingly saying they "Like" a link to drive web traffic that simply fills the pockets of scammers.
Here's just one example we have seen in the last hour:
97% of ALL People Can NOT Watch THIS VIDEO For More Than 25 Seconds!
Can YOU?! Watch the video and see how long you can last! Good Luck!
You can imagine why some Facebook users might be tempted to click on the link, but the truth of the matter is that the poster did not knowingly share the link with his Facebook friends. Instead, he was tricked into saying he "Like"d the link through clickjacking.
If you were tempted to click on the link you would be taken to a page which appears ready to play a video.
The webpage looks like it's part of Facebook, and most people wouldn't hesitate to press the "Play" button on the video. But the reality is that the play button secretly hides some additional code.
The Mac computer I tested the scam on was running Sophos's free Mac anti-virus, which was smart enough to alert me to the danger posed by the button:
However, if you hadn't properly protected your computer you might find that you are being clickjacked into invisibly saying you "Like" the link on Facebook without realising.
In my testing, pressing the button said that I "liked" a different scam - this one related to a video allegedly showing a zookeeper being eaten by a giant snake.
[VIDEO] Snake Eats MAN!
CAUGHT ON TAPE- A Giant Snake Swallows Up A Zookeeper in Front of Hundreds of People!
In this way the scam can spread rapidly between your online friends, increasing the traffic to the real page the scammers want you to visit - one which asks you to take part in an online quiz or survey.
A free iPhone 4S? You'll be lucky. Scams like this can earn millions of dollars for those behind them in the form of affiliate commission and by - sometimes - signing your mobile phone up for premium rate services.
If you see a scam like this on your newsfeed - be sure to remove it, and report it as spam to Facebook. That way you will no longer be sharing the offending link with your friends.
If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 190,000 people regularly discuss the latest attacks.