Sophos Cloud Optix
Emma Watson, the actress who plays the part of Hermione Granger in the Harry Potter movies, has found herself the subject of a clickjacking scam on Facebook.
Users of the social network have seen messages posted by their online friends claiming to have lost all respect for Emma Watson, after watching a video starring the young actress.
I lost all respect for Emma Watson when I seen this video! Outrageous!
Other versions may read:
i lost all respect for emma watson when i saw this video! outrageous!
If you’re curious enough to click on the link, your browser will be taken to a webpage which pretends to be a YouTube-style video site called FbVideo.
If you’ve got this far, you’ll probably be tempted to click to view the video. However, like the many clickjacking attacks we saw on Facebook last year, you will be invisibly clicking on a “Like” button without your knowledge, sharing the link further with your friends.
The page is designed to display a survey scam, which both earns money for the scammers and can trick you into handing over your mobile phone number to sign you up for a premium rate SMS service.
You can protect yourself from clickjacking threats like this by using browser plugins such as NoScript for Firefox.
But wouldn’t it be great if Facebook required users to confirm that they wished to “Like” a webpage? That would make scams like have a harder time spreading virally via the social network.
By the way, other versions of the scam are using the names of Miley Cyrus.
If you find you have accidentally “Liked” an offending webpage, remove references to it from your wall and check your profile settings.
As Chet pointed out with a similarly-themed Justin Bieber clickjacking scam on Facebook, it can also make sense to logout from Facebook when you are not actively using it to reduce the chances of you being tricked into “Liking” things you don’t really like.
If you’re a Facebook user and want to keep up on the latest threats and security news why don’t you join the Sophos Facebook page?
You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.
Image of Emma Watson courtesy of Helga Esteb / Shutterstock.com.
I also avoid accidentally liking things by browsing facebook in one browser (say chrome), and the rest of the web – any non-facebook page even if I start there in FB – in another browser (firefox).
Can't believe I got taken in by one of these. It didn't have the markings of most of these scams and I didn't click like so I wasn't worried. I found it on my page a minute later saying I 'liked' it. The funny part was, you posted this about a minute after that! Hopefully I got it off my page now. Of course I shared your post with all my friends.
I got hit by both the Bieber scam and some hot lookin’ Italian babe with big boobs several times over this past weekend. Took me quite a while to clean it up!
doesn't seem to affect linux systems. I clicked on one or two when they first started showing up, and no fake "likes" on my profile…running firefox in ubuntu.
I'll respect her when she does playboy.