Facebook clickjacking: Malware takes on new Italian disguises

Non-English speaking Facebook users shouldn’t be fooled into believing that they are somehow immune from the scams and attacks that plague the social networking site.

The latest few campaigns seen by SophosLabs, for instance, target Italian users of the social network.

Coke-related scam on Facebook

COCA COLA: Dopo aver visto questo video non berrò più coca cola. Svelata la ricetta segreta. Guarda il video verità

Which translates as:

COCA COLA: After watching this video you won't drink Coca Cola. The secret recipe revealed. Watch the video truth

Big Brother-related scam on Facebook

Cacciati Annalisa e Vito da AMICI per aver schiaffeggiato la Celentano, ECCO IL VIDEO INEDITO DEL PUGNO IN FACCIA

Which translates as:

Vito and Anna expelled for having slapped Celentano. FRIENDS, HERE IS THE VIDEO OF THE PUNCH IN THE FACE

(Update: Naked Security reader Paolo – who by the sound of things probably knows Italian better than us – offers a better translation.)

Valentine-related scam on Facebook

LO SCHERZO DI SAN VALENTINO CHE STA FACENDO IL GIRO DEL MONDO! TE RETO A VER ESTA PAGINA PARA 5 SEGUNDOS SIN REÍRTE

Which translates as:

THE VALENTINE'S DAY JOKE THAT IS GOING AROUND THE WORLD! I CHALLENGE YOU TO VIEW THIS PAGE FOR 5 SECONDS WITHOUT LAUGHING

All of these Facebook scams use clickjacking techniques to trick the user into “liking” them. SophosLabs is intercepting the suspicious pages as Mal/FBJack-A.

As with the case of the dirty undressing Italian schoolteacher, Facebook users who aren’t using Sophos Anti-Virus can protect themselves from clickjacking threats like this by using browser plugins such as NoScript for Firefox.

NoScript blocking the clickjacking attack

Facebook users can learn how to protect themselves by reading Sophos’s recommendations for Facebook security. Or check out the advice in Italian here: Consigli di Sophos per le impostazioni di Facebook.

To keep informed about the latest Facebook security threats, please join the Sophos page on Facebook where we regularly highlight new attacks.

Oh, and it’s not just Italian-language attacks, of course. Naked Security readers have reported similar attacks in Japanese and, interestingly, we have also seen a strange Cyrillic message that is associated with yet more Facebook clickjacking:

Cyrillic clickjacking attack on Facebook

Colourful clickjacking attacks, requiring users to click on a series of rainbow-coloured boxes without realising they’re authorising other actions, are nothing new, of course.

As more and more criminals discover how successful attacks via Facebook can be, we can expect the tried-and-trusted techniques of the English-speaking world to be cloned elsewhere around the globe.

Take care folks.