States in the USA, such as Vermont and New Jersey, are continuing to deal with heavy flooding in the aftermath of Hurricane Irene.
And we weren’t surprised to find internet scammers attempting to profit from other people’s misery.
For instance, here is a clickjacking scam which at the time of writing is still active on Facebook.
This Facebook page reads:
VIDEO SHOCK - Hurricane Irene New York kills All
All? Hmm.. that would be a rather fanciful claim even for the most sensationalist tabloid report. But maybe it will be enough to make you click further.
BAM! Too late. You’ve been clickjacked. Even before you’ve had a chance to notice that the page is suddenly talking to you in Italian, the webpage has taken your click onto what you thought was the video’s play button and secretly behind-the-scenes tricked you into saying you “Like” the page – thus promoting it to your online Facebook friends.
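As an added illustration (not part of the original article), the sketch below shows the kind of check that can flag this trick. It assumes the common likejacking layout, where the "Like" button sits in a transparent cross-origin frame stacked over the fake play button; the article does not say how this particular page was built, and the element records, names and URLs are constructed.

```javascript
// Added example. The element records below are constructed sample data,
// simplified from what a browser extension could read from a page.
// rect = [left, top, width, height] in pixels.
const samplePage = [
  { id: "play-button", tag: "img", opacity: 1, zIndex: 1,
    rect: [200, 150, 120, 120] },
  { id: "like-frame", tag: "iframe", opacity: 0, zIndex: 10,
    src: "https://social.example/like-button", rect: [240, 190, 50, 25] },
  { id: "comments", tag: "iframe", opacity: 1, zIndex: 1,
    src: "https://comments.example/widget", rect: [0, 600, 500, 300] },
];

// True when two rectangles share any area.
function overlaps(a, b) {
  const [ax, ay, aw, ah] = a;
  const [bx, by, bw, bh] = b;
  return ax < bx + bw && bx < ax + aw && ay < by + bh && by < ay + ah;
}

// Flag cross-origin frames that are effectively invisible yet stacked on
// top of something the user can see, so a click on the visible element
// would land in the frame instead.
function findHiddenClickTargets(elements, pageOrigin, minOpacity = 0.1) {
  const findings = [];
  for (const frame of elements) {
    if (frame.tag !== "iframe") continue;
    if (new URL(frame.src).origin === pageOrigin) continue;
    if (frame.opacity >= minOpacity) continue; // a visible frame is not a hidden target
    const covered = elements.filter((el) =>
      el !== frame && el.opacity >= minOpacity &&
      el.zIndex < frame.zIndex && overlaps(el.rect, frame.rect));
    if (covered.length > 0) {
      findings.push({ frame: frame.id, src: frame.src,
        covers: covered.map((el) => el.id) });
    }
  }
  return findings;
}

console.log(findHiddenClickTargets(samplePage, "https://scam.example"));
```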
If you were running an add-on like NoScript for Firefox you would have been protected by a warning message.
But let’s imagine that you weren’t protected. What happens next?
The page insists that you share the link to the Facebook page, presumably in an attempt to increase its viral spread. So far things don’t seem to be working well for the scammers – as only 12 people have said they “Like” the page (and one of those is my test account). Maybe folks are suspicious about a claim that Hurricane Irene has killed *everyone* in New York.
You’re still keen to watch the video, of course, but first the scammers want you to take an online survey – which not only asks you for personal information but also can earn them commission.
If you are hit by a scam like this you should remove the page from the list of pages that your Facebook profile likes, and remove it from your newsfeed, reporting it as spam to Facebook.
The good news is that this particular scam hasn’t become widespread, but many others do.
If you’re a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page – where more than 100,000 people regularly discuss the latest attacks.