Posts Tagged ‘Clickjacking’

Lily Allen: Marriage and Facebook clickjacking in the same weekend

Published by pratyushkp on June 15th, 2011 - in Social, Technology


Although we see scams spreading on the Facebook social network every day of the week, there seems to be a special spurt of activity at weekends.

Maybe people who are susceptible to scams are more likely to be clicking on links apparently shared by their Facebook friends at the weekend, or maybe the bad guys are taking advantage of Facebook’s own security team being caught on the hop.

I don’t know the reason, but it’s never a surprise to see scams spreading quickly on Saturdays and Sundays. This last weekend we saw scams such as “The World Funniest Condom Commercial – LOL”, “Baby Born Amazing Effect – WebCamera” and “This Guy Took A Picture Of His Face Every Day For 8 Years” make their mark once again, for instance.

Here’s a couple of other scams we saw, where the links were pointing to clickjacking pages:

Lily Allen shows her breasts on British television!
[LINK]
In a broadcast on Channel 4, the singer Lilly Allen shows us her beautiful breasts.

That’s probably not the kind of thing that pop star Lily Allen wants spreading around on Facebook on the very same weekend that she’s getting married.

Meanwhile, some folks took advantage of the weekend to enjoy a trip to the theme park:

W0man has an 0rgasm on a r0ller c0aster
[LINK]
I love how the dude stops laughing and goes completely silent once he realizes his girlfriend wasn't joking about having an orgasm.

Note the funky spelling with zeros replacing “o”s – presumably in an attempt to avoid filters.
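The zero-for-“o” trick only works against filters that compare raw text. As an added example (not from the original article), here is a minimal normaliser that undoes digit-for-letter swaps before matching; the substitution map and watchlist are assumptions for illustration, and the map covers more digits than the zeros seen above.

```python
import re

# Assumed digit-for-letter substitutions; the scam above only used 0 -> o.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})
TOKEN = re.compile(r"[A-Za-z0-9]+")

def normalize(text):
    """Undo substitutions only in tokens that mix letters and digits,
    so genuine numbers such as '8' or '2011' are left untouched."""
    def fix(match):
        tok = match.group(0)
        has_alpha = any(c.isalpha() for c in tok)
        has_digit = any(c.isdigit() for c in tok)
        return tok.translate(LEET) if has_alpha and has_digit else tok
    return TOKEN.sub(fix, text.lower())

def find_hits(text, watchlist):
    """Return the watchlist terms that appear as whole words in text."""
    return watchlist & set(re.findall(r"[a-z0-9]+", text.lower()))

def check(text, watchlist):
    """Compare what a naive filter sees with what it sees after normalisation."""
    return {
        "raw": find_hits(text, watchlist),
        "normalized": find_hits(normalize(text), watchlist),
    }

# Sample input taken from the scam message quoted above; watchlist is constructed.
SAMPLE = "W0man has an 0rgasm on a r0ller c0aster"
WATCHLIST = {"orgasm", "coaster"}

if __name__ == "__main__":
    print(normalize(SAMPLE))
    print(check(SAMPLE, WATCHLIST))
```

Normalisation of this kind trades evasion resistance for false positives on legitimate mixed tokens (for example “mp3”), so it is best used to feed a scoring step rather than to block outright.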

Hopefully not many people need reminding by now, but you should always think twice before clicking on an unknown link even if it does appear to have been shared by one of your Facebook friends.

Maybe we’d all be safer if everyone had a cold shower before logging into Facebook.

Source :- http://nakedsecurity.sophos.com


Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

Published by pratyushkp on April 30th, 2011 - in Social

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

[Screenshot: comment-jack security check]

It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”.

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.
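One way a page scanner could flag the layering described above, as an added example that is not from the original article: it looks for a Like-button iframe that is transparent or stacked beneath an absolutely positioned image. The heuristics, thresholds and sample markup are assumptions, and only inline styles are inspected.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

LIKE_HOSTS = {"facebook.com", "www.facebook.com"}
LIKE_PATH = "/plugins/like.php"  # Like-button plugin endpoint this check targets

def inline_css(attrs):
    """Parse an inline style attribute into a {property: value} dict."""
    style = dict(attrs).get("style") or ""
    pairs = (d.split(":", 1) for d in style.split(";") if ":" in d)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def num(value, default):
    try:
        return float(value)
    except (TypeError, ValueError):
        return default

class LikeOverlayScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.cover_z = None  # highest z-index of an absolutely positioned <img>
        self.widgets = []    # (src, opacity, z-index) for each Like-button iframe

    def handle_starttag(self, tag, attrs):
        css = inline_css(attrs)
        if tag == "img" and css.get("position") == "absolute":
            z = num(css.get("z-index"), 0.0)
            self.cover_z = z if self.cover_z is None else max(self.cover_z, z)
        elif tag == "iframe":
            src = dict(attrs).get("src") or ""
            url = urlparse(src)
            if url.hostname in LIKE_HOSTS and url.path == LIKE_PATH:
                self.widgets.append(
                    (src, num(css.get("opacity"), 1.0), num(css.get("z-index"), 0.0)))

def scan(html):
    """Return (reason, iframe src) findings for Like buttons a visitor cannot see."""
    scanner = LikeOverlayScanner()
    scanner.feed(html)
    findings = []
    for src, opacity, z in scanner.widgets:
        if opacity <= 0.1:
            findings.append(("transparent", src))
        if scanner.cover_z is not None and z < scanner.cover_z:
            findings.append(("under-image", src))
    return findings

# Constructed sample markup, not taken from any real page.
LIKE_SRC = "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test"
SUSPECT = ('<img src="play.png" style="position:absolute; z-index:2">'
           f'<iframe src="{LIKE_SRC}" style="position:absolute; z-index:1"></iframe>')
BENIGN = f'<iframe src="{LIKE_SRC}"></iframe>'
```

Styles applied from stylesheets or scripts are invisible to this static check, and it does not test whether the image and the iframe actually overlap, so a finding is a lead for review in a rendering crawler rather than a verdict.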

[Screenshot: Facebook Bieber scam wall post]

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

While protecting yourself may not be as simple as not clicking anything that says “OMG!” that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy, check out these recommendations for Facebook settings.

Source :- http://nakedsecurity.sophos.com
