Category Archives: likejacking

Dad walks in on Daughter Facebook clickjacking attack helps scammers earn money

Once again, scammers are running rings around Facebook’s built-in security measures by spreading a clickjacking scam between users’ accounts.

The latest attack poses as a link to a video of a dad walking in on his daughter.

Dad walks in on daughter.. embarrassing!

Dad walks in on Daughter.. EMBARRASSING!
[LINK]
This really must have been an awkward moment.

We’ve seen scams which use language like this before, of course, and sometimes they’ve been used to trick you into installing software onto your computer.

Interestingly, on this occasion, the image used in the messages is the same as that used in the recent “Baby born amazing effect” scam which has spread with similar ferocity in the last couple of weeks on the social network.

Clicking on this latest link takes users to a webpage, where it looks as though you need to press the “Play” icon to watch the video.

Dad walks in on daughter video

However, clicking the icon secretly tells Facebook that you “Like” the page (via the use of a clickjacking exploit), helping the scam to perpetuate.

Dad walks in on daughter survey

It will be no surprise at all to regular Naked Security readers that the scam is designed to drive traffic to online surveys – which earns commission for the scammers behind the attack.

When I tried it, the surveys claimed that I could receive a free iPad or MacBook or even a flat-screen television.

Dad walks in on daughter survey

If you’ve been hit by a scam like this, remove the messages and likes from your Facebook page – and warn your friends not to click on the offending links. Clearly there’s much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.

If you use Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.


Lily Allen: Marriage and Facebook clickjacking in the same weekend

Although we see scams spreading on the Facebook social network every day of the week, there seems to be a special spurt of activity at weekends.

Maybe people who are susceptible to scams are more likely to be clicking on links apparently shared by their Facebook friends at the weekend, or maybe the bad guys are taking advantage of Facebook’s own security team being caught on the hop.

I don’t know the reason, but it’s never a surprise to see scams spreading quickly on Saturdays and Sundays. This last weekend we saw scams such as “The World Funniest Condom Commercial – LOL”, “Baby Born Amazing Effect – WebCamera” and “This Guy Took A Picture Of His Face Every Day For 8 Years” make their mark once again, for instance.

Here are a couple of other scams we saw, where the links were pointing to clickjacking pages:

Lily Allen shows her breasts on British television!

Lily Allen shows her breasts on British television!
[LINK]
In a broadcast on Channel 4, the singer Lilly Allen shows us her beautiful breasts.

That’s probably not the kind of thing that pop star Lily Allen wants spreading around on Facebook on the very same weekend that she’s getting married.

Meanwhile, some folks took advantage of the weekend to enjoy a trip to the theme park:

Woman has an orgasm on a roller coaster

W0man has an 0rgasm on a r0ller c0aster
[LINK]
I love how the dude stops laughing and goes completely silent once he realizes his girlfriend wasn't joking about having an orgasm.

Note the funky spelling with zeros replacing “o”s – presumably in an attempt to avoid filters.

Hopefully not many people need reminding by now, but you should always think twice before clicking on an unknown link even if it does appear to have been shared by one of your Facebook friends.

Maybe we’d all be safer if everyone had a cold shower before logging into Facebook..

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 90,000 people.

World funniest condom commercial? Facebook hit by viral likejacking attack

Messages are beginning to spread across Facebook, tricking users into clicking on links which claim to point to the world’s funniest condom commercial.

The messages are spreading through a clickjacking scam (sometimes known as likejacking), which means that users do not realise that they are invisibly pressing a button saying that they “Like” the video when they try to play it.

A typical message looks something like the following (the actual link can change):

The World Funniest Condom Commercial message on Facebook

The World Funniest Condom Commercial - LOL
[LINK]
haha its really so funny ~ Dont Miss it !

The scam appears to be perpetrated by the same gang who have been successfully spreading a “Baby born amazing effect” scam over the last several days.

Clicking on the links, which so far all appear to be hosted on blogspot.com, takes users to a webpage which urges visitors to click to watch the video.

The pages have the headline “The Funniest Condom Commercial”:

Click further at your own discretion – because the clickjacking scam is about to play its part in the scheme. If you try to play the video then you will be unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally across Facebook.

By the way, there is a condom commercial shown at the end of this whole process, but the Argentinian TV advert is available for free on YouTube meaning that there was a way of viewing it which didn’t involve helping the scammers spread their link across the Facebook social network. (Oh, and the video is not that funny).

As regular readers of Sophos’s Facebook page will know, scams like this have been seen on far too many occasions.

Recently announced new Facebook security features were supposed to provide protection against clickjacking/likejacking schemes like this – but once again have unfortunately proven to be ineffectual.
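For a page that should never be embedded by another site, the server-side defence against clickjacking is to forbid framing through the Content-Security-Policy frame-ancestors directive or the older X-Frame-Options header. The following is an added example, not code from Sophos or Facebook, that classifies a response’s framing policy from its headers; the sample header sets are constructed. Note that an embeddable widget such as the Like button cannot use this defence, which is why it depends on a confirmation step instead.

```python
"""Classify how an HTTP response controls being framed by other sites.

Added example for this page; not Sophos or Facebook code.
"""
from typing import Dict, List, Optional


def _csp_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the frame-ancestors source list from a CSP header, or None."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def frame_protection(headers: Dict[str, str]) -> str:
    """Return 'blocked', 'restricted' or 'frameable'.

    'blocked'    - no page may frame the response ('none' or DENY).
    'restricted' - only the same origin or listed origins may frame it.
    'frameable'  - any site, including a scam page, may frame it.
    A CSP frame-ancestors directive takes precedence over X-Frame-Options
    when both are present, matching browser behaviour.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy")
    if csp:
        sources = _csp_frame_ancestors(csp)
        if sources is not None:
            if [s.strip("'").lower() for s in sources] == ["none"]:
                return "blocked"
            return "restricted"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN" or xfo.startswith("ALLOW-FROM"):
        return "restricted"
    return "frameable"


# Constructed sample header sets, not captured from any real site.
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_only": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_none": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors https://partner.example"},
}


def audit(responses: Dict[str, Dict[str, str]]) -> Dict[str, str]:
    """Run frame_protection over a set of named responses."""
    return {name: frame_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name:18} -> {verdict}")
```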

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:

Here’s how you can clean up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”. You could also choose to mark it as spam to alert Facebook’s security team.

Remove the entry from your Facebook page

Unfortunately that doesn’t completely remove the connection between the mischievous link and your Facebook page. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

Remove Funniest Condom page from your list of Likes

Of course, attacks like this would find it much harder to spread if folks were much more careful about the links they clicked on when using Facebook – and if Facebook’s in-built security was more effective at stopping clickjacking attacks.

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

Hat-tip: Thanks to Naked Security reader Josh for first giving us a heads-up about this clickjacking scam spreading on Facebook

Baby Born amazing effect? No, another Facebook likejacking scam

Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.

The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing a “Like” button to pass the message onto their online friends.

A typical message looks as follows:

Baby Born Amazing Effect

Baby Born Amazing Effect - WebCamera
[LINK]
Big Baby Born !

(Note: I have obscured the thumbnail used in the messages, as some may find it offensive because of its err.. anatomical nature.)

The links we have seen so far all point to pages hosted on blogspot.com, and appear to contain a video player that you are urged to click on.

The pages are headlined: “Baby Born Video – Amazing Effects”.

Baby Born Amazing Effect

See the message at the bottom of the page? It reads:

If Play Button don't work please click on the Like button and Confirm, then you can watch the Video.

It’s at this point that the clickjacking scam plays its part. If you try to play the video then you will be secretly and unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally.

As regular readers of Sophos’s Facebook page will know, scams like this have been seen on far too many occasions. It’s a crying shame that Facebook’s own security measures don’t warn about this particular clickjacking attack.

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:

Baby Born Amazing Effect

Unfortunately, thousands of Facebook users appear to have fallen for the scam – and are helping the links spread rapidly across the social network.

Here’s how you can clean up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”.

Baby Born Amazing Effect

Unfortunately that doesn’t completely remove the interloping link. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

Baby Born Amazing Effect

If only folks were more careful about the links they clicked on when using Facebook.

If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.

BBC News/Dad walks in on daughter Facebook scams

Criminals and scammers on Facebook aren’t resting on their laurels… in fact, they are branching out and using multiple techniques all rolled into one scam.

Tonight’s blockbuster spam is taking on several guises. One version is a likejacking attack that spams your wall with the message “Dad walks in on daughter… EMBARRASING!!!” and “This really has to be an awkward moment.”

They seem to be quickly rotating through a long list of Google (goo.gl) short URLs to evade detection.

Strangely, it appears that the likejacking protection Facebook introduced last month is not working. At the moment the page has over 49,000 likes and is growing.

A variation of the same scam seemingly aimed at a more international audience pretends to be from BBC News. It is an application using variations of the word news or newz.

BBC News Facebook scam

It posts messages to your wall saying “Everyone do check what she did on cam ….” and seems to also play on the recent spate of photo tagging scams.

All of this ultimately leads to an obviously faked video on YouTube, covered by a survey scam. The video on YouTube has over 77,000 views, implying that many people are filling out the surveys that generate cash for the scammers.

YouTube video views

As with all of these different Facebook lures, try to resist the temptation to click them, and be sure to click the report spam button to alert the Facebook security team.

Sophos has a guide for configuring your Facebook profile to maintain your privacy and continue to be social. Why not give it a look and check your settings against our advice?

To stay up to date on the latest scams, spams and other security and privacy advice join our Facebook page.

Copyright © 2014.