Once again, scammers are running rings around Facebook’s built-in security measures by spreading a clickjacking scam between users’ accounts.
The latest attack poses as a link to a video of a dad walking in on his daughter.
“Dad walks in on Daughter.. EMBARRASSING!
This really must have been an awkward moment.”
Interestingly, on this occasion, the image used in the messages is the same as that used in the recent “Baby born amazing effect” scam which has spread with similar ferocity in the last couple of weeks on the social network.
Clicking on this latest link takes users to a webpage, where it looks as though you need to press the “Play” icon to watch the video.
However, clicking the icon secretly tells Facebook that you “Like” the page (via the use of a clickjacking exploit), helping the scam to perpetuate.
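A defender's check for the pattern described above, as an added example that is not part of the original article: it flags a Facebook Like plugin frame that is effectively invisible and stacked over a visible control such as a "Play" icon. The transparent-iframe layout, the opacity threshold, the snapshot format and the sample page are assumptions made for illustration; the article does not describe how this particular page was built.

```javascript
// Added example: find near-invisible Like-plugin iframes covering a visible control.
// Input is a constructed snapshot of page elements, as a crawler or browser
// extension might collect with getBoundingClientRect() and getComputedStyle().
const OPACITY_LIMIT = 0.1; // assumption: below this a frame is effectively invisible

// True when two rectangles {x, y, w, h} share any area.
function overlaps(a, b) {
  return a.x < b.x + b.w && b.x < a.x + a.w &&
         a.y < b.y + b.h && b.y < a.y + a.h;
}

// True when src points at the Facebook Like button plugin endpoint.
function isLikePlugin(src) {
  try {
    const u = new URL(src);
    return /(^|\.)facebook\.com$/.test(u.hostname) &&
           u.pathname.startsWith('/plugins/like');
  } catch (e) {
    return false; // relative or malformed src: not a cross-site plugin frame
  }
}

function findHiddenLikeFrames(elements) {
  const frames = elements.filter(e => e.tag === 'iframe' && isLikePlugin(e.src));
  const visible = elements.filter(e => e.tag !== 'iframe' && e.opacity >= OPACITY_LIMIT);
  const findings = [];
  for (const f of frames) {
    if (f.opacity >= OPACITY_LIMIT) continue; // a visible Like button is normal
    for (const v of visible) {
      // An invisible frame drawn above a visible element receives the click.
      if (overlaps(f.rect, v.rect) && f.zIndex > v.zIndex) {
        findings.push({ frame: f.id, covers: v.id });
      }
    }
  }
  return findings;
}

// Constructed sample snapshot (example.invalid is a placeholder URL).
const LIKE_SRC = 'https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.invalid%2F';
const SAMPLE_PAGE = [
  { id: 'play-icon', tag: 'img', src: 'play.png', opacity: 1, zIndex: 1, rect: { x: 200, y: 150, w: 120, h: 120 } },
  { id: 'overlay', tag: 'iframe', src: LIKE_SRC, opacity: 0, zIndex: 10, rect: { x: 230, y: 190, w: 60, h: 30 } },
  { id: 'footer-like', tag: 'iframe', src: LIKE_SRC, opacity: 1, zIndex: 1, rect: { x: 0, y: 600, w: 90, h: 30 } },
];

console.log(findHiddenLikeFrames(SAMPLE_PAGE));
```

The visible Like button in the footer is not reported; only the invisible frame sitting on top of the play icon is.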
It will be no surprise at all to regular Naked Security readers that the scam is designed to drive traffic to online surveys – which earns commission for the scammers behind the attack.
When I tried it, the surveys claimed that I could receive a free iPad or MacBook or even a flat-screen television.
If you’ve been hit by a scam like this, remove the messages and likes from your Facebook page – and warn your friends not to click on the offending links. Clearly there’s much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.
If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.