Revenge on an ex-girlfriend or a Facebook clickjacking attack?

Filed Under: Clickjacking, Facebook, Social networks, Spam

Another status update was spreading virally earlier today, exploiting a clickjacking attack that we have seen Facebook scammers use in the past.

Messages were appearing on users' Facebook accounts saying:

OMG This GUY Went a Little To Far WITH His Revenge On His EX Girlfriend

OMG This GUY Went a Little To Far WITH His Revenge On His EX Girlfriend

Clicking on the link would take your web browser to a page which asked you to click on a red and then a blue box to "confirm" that you are human.

Colourful clickjacking attack

We've seen this trick a number of times before, of course.

It's what I call a colourful clickjacking attack. You think you're just clicking with your mouse on a red and blue box, but in fact you're unknowingly liking and sharing the link with all of your Facebook friends.

If thousands of Facebook users like a page, as they did in this incident, then there's the potential for cybercriminals to send spam to them or distribute a malicious link en masse to their newly-groomed fans.

But let's continue with our journey through the scam.

Hello! Click here to continue

A hop and a click later, and you finally see what purports to be a letter from a man to his ex-girlfriend..

Revenge letter to an ex-girlfriend

Thousands of Facebook users fell for this, the latest in a long line of scams spreading virally across the network. By the looks of things, Facebook has shut this attack down - but no doubt there will be more on their way.

If you were hit, make sure that you have checked your Facebook profile to remove references to the page and ensure that you only have pages that you *really* like listed under your "like"s.

Of course, none of these attacks would spread if people were more suspicious of unusual posts made by their Facebook friends, and kept themselves informed of the latest tactics used by scammers and cybercriminals. If you want to learn more about security threats on the social network and elsewhere on the internet, join the Sophos Facebook page.

, , ,

You might like

One Response to Revenge on an ex-girlfriend or a Facebook clickjacking attack?

  1. Will O'Keefe · 1436 days ago

    I not only did not post these or any other Video's, I've provided informattion on my personal PC which Microsoft, Google and not Apple stepped into the game, bought a friends 1 year old IPhone and yes, i backed it up on my PC and did not delete it when I determined that the IPhone and I did not get along and it broke in "PERFECT ORIGINAL CONDITION" stated the Apple Store.

    I wouldn't wish this on MOST people...have no choice....If I had know earlier I could have started the clean up sooner. Several bad words implied here!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley