Earlier this month, the (appropriately named) Daily Mail ran a story about a British woman who claims to have slept with 5000 men over the course of the last nine years.
So far, so tabloid.
Earlier today, however, a member of the Sophos page on Facebook informed me of a suspicious page he had found on the site, which appeared to be exploiting the rather grubby story of the young woman’s busy sex life.
If you visit the “Girl who had sex with 5000 men” Facebook page, you are first presented with a “Security Check” which asks you to confirm that you are over 18 years of age because some of the content may contain “shocking graphics, nudity or disrespect other individuals.”
From the look of the warning you may imagine it is a real Facebook warning – but it isn’t theirs. It belongs to the people who are attempting to trick you into liking the page and – presumably – they believe a warning about the possibly salacious nature of the following content may encourage you to venture further into their web.
The next warning goes one stage further, claiming to be a means of checking whether you are a spam bot or not.
In fact, unbeknownst to you, if you click on the numbers in the order that the warning suggests, you are being invisibly clickjacked. The clickjacking attack secretly updates your Facebook profile to say that you like the page, as well as another one entitled “Why are you complaining about pervs adding you if you have slutty pictures?”
Thousands of people have already “liked” the pages.
And do you get to see any material that contains “shocking graphics, nudity or disrespect other individuals”? Nope. Well, not unless you believe that original Daily Mail news report to be disrespectful.
Scams like this are designed to get you to forward links to your friends, and to encourage others to join groups and pages. Of course, once a large audience has been built up by the scammers, they can use it for mischievous ends, or potentially send out a dangerous link or update designed to compromise your computer or earn money from your poor security.
I’ve informed Facebook of this latest scam, and hopefully they will shut it down shortly. But it won’t be long before others pop up to take its place.
Everyone must take more care when they’re online as right now we’re all making it too easy for the scammers and cybercriminals to spread their attacks. Over 20,000 people have already joined the Sophos page on Facebook to be kept informed of the latest security threats – if you’re a user of Facebook, maybe you should join them too?
By the way, in case you haven’t worked it out yet: another way of describing 5000 men in nine years is 5000 men in just 3,285 days. Yes, quite.