Cheryl Cole clickjacking on Facebook, posing as a BBC news report

Filed Under: Clickjacking, Facebook, Social networks, Spam

Cheryl ColeGirls Aloud pop star Cheryl Cole, famous in the UK for her role as a judge on top TV show "The X Factor" which had its grand final last night, is being exploited by scammers on Facebook.

Scammers are using a clickjacking technique to trick users into "liking" a webpage without their knowledge, believing it to be a BBC News report about paparazzi photographs that have exposed the popular celebrity.

Using the familiar banner of the BBC News website, the story beneath is not exactly the err.. content you would normally associate with the British Broadcasting Corporation. Instead it shows a typically tabloid pararazzi photograph of Cheryl Cole getting out of a car while wearing a short skirt.

Cheryl Cole likejacking page

Hardly the most convincing replica of the BBC website I've ever seen, but if you are tempted to click on the page uses a clickjacking technique to invisibly "like" the webpage, sharing it with all of your Facebook friends and buddies.

Cheryl Cole likejacking message

BBC News: Cheryl Cole Exposed Paparazzi Photos !

You won't realise, however, that your Facebook page has been updated unless you specifically look at your feed.

Instead, chances are that some fans of Cheryl Cole will venture further, seeing another page which looks distinctly unlike those normally produced by the BBC - and ultimately a picture that is often printed in the more lowbrow British newspapers.

Cheryl Cole uncensored

So, what's all the purpose of all this? Well, it appears that once again scammers are abusing Facebook users to drive traffic to online surveys - designed to earn them commission for every survey completed.

It's really time that something more serious was done about spam like this, which has been exploiting Facebook users for far too long.

If you have been hit by a scam like this, delete the messages from your newsfeed and remove the "like"s from your profile.

If you want to get earlier warning about security threats on the social network and elsewhere on the internet, you could do a lot worse than join the Sophos Facebook page.

, , , , ,

You might like

3 Responses to Cheryl Cole clickjacking on Facebook, posing as a BBC news report

  1. Guest · 1756 days ago

    What I like, is the watermark on the Uncensored image, like the BBC can't afford to purchase a stock image.

  2. Alex · 1756 days ago

    What's the URL for this scam?

    Thanks a lot for warning everybody! :)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley