Giant snakes eating zookeepers and unwatchable videos - Facebook hit again by clickjacking scams


Facebook users are once again suffering from an onslaught of clickjacking survey scams, designed to fool them into unwittingly saying they "Like" a link to drive web traffic that simply fills the pockets of scammers.

Here's just one example we have seen in the last hour:

Facebook scam

97% of ALL People Can NOT Watch THIS VIDEO For More Than 25 Seconds!
[LINK]

Can YOU?! Watch the video and see how long you can last! Good Luck!

You can imagine why some Facebook users might be tempted to click on the link, but the truth of the matter is that the poster did not knowingly share the link with his Facebook friends. Instead, he was tricked into saying he "Like"d the link through a clickjacking attack.

If you were tempted to click on the link you would be taken to a page which appears ready to play a video.

Facebook scam

The webpage looks like it's part of Facebook, and most people wouldn't hesitate to press the "Play" button on the video. But the reality is that the play button secretly hides some additional code.

The Mac computer I tested the scam on was running Sophos's free Mac anti-virus, which was smart enough to alert me to the danger posed by the button:

Facebook scam

However, if you hadn't properly protected your computer you might find that you are being clickjacked into invisibly saying you "Like" the link on Facebook without realising.

In my testing, pressing the button said that I "liked" a different scam - this one related to a video allegedly showing a zookeeper being eaten by a giant snake.

Facebook scam

[VIDEO] Snake Eats MAN!
[LINK]

CAUGHT ON TAPE- A Giant Snake Swallows Up A Zookeeper in Front of Hundreds of People!

In this way the scam can spread rapidly between your online friends, increasing the traffic to the real page the scammers want you to visit - one which asks you to take part in an online quiz or survey.

Facebook scam

A free iPhone 4S? You'll be lucky. Scams like this can earn millions of dollars for those behind them in the form of affiliate commission and by - sometimes - signing your mobile phone up for premium rate services.

If you see a scam like this on your newsfeed - be sure to remove it, and report it as spam to Facebook. That way you will no longer be sharing the offending link with your friends.

Report the message as spam

If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 190,000 people regularly discuss the latest attacks.


One Response to Giant snakes eating zookeepers and unwatchable videos - Facebook hit again by clickjacking scams

  1. Arnav · 775 days ago

    It's happening since last year.... these posts come without the knowledge of friends who claimed to be their senders


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.