Posts Tagged ‘Likejacking’

Dad walks in on Daughter Facebook clickjacking attack helps scammers earn money

Published by pratyushkp on June 15th, 2011 - in Social, Technology

Image via CrunchBase

Once again, scammers are running rings about Facebook‘s built-in security measures by spreading a clickjacking scam between users’ accounts.

The latest attack poses as a link to a video of a dad walking in on his daughter.

Dad walks in on Daughter.. EMBARRASSING!
[LINK]
This really must have been an awkward moment.

We’ve seen scams which use language like this before, of course, and sometimes they’ve been used to trick you into installing software onto your computer.

Interestingly, on this occasion, the image used in the messages is the same as that used in the recent “Baby born amazing effect” scam which has spread with similar ferocity in the last couple of weeks on the social network.

Clicking on this latest link takes users to a webpage, where it looks as though you need to press the “Play” icon to watch the video.

However, clicking the icon secretly tells Facebook that you “Like” the page (via the use of a clickjacking exploit), helping the scam to perpetuate.

It will be no surprise at all to regular Naked Security readers that the scam is designed to drive traffic to online surveys – which earns commission for the scammers behind the attack.

When I tried it, the surveys claimed that I could receive a free iPad or MacBook or even a flat-screen television.

If you’ve been hit by a scam like this, remove the messages and likes from your Facebook page – and warn your friends not to click on the offending links. Clearly there’s much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.

Source :- http://nakedsecurity.sophos.com

World funniest condom commercial? Facebook hit by viral likejacking attack

Published by pratyushkp on June 1st, 2011 - in Social, Technology

Image via Wikipedia

Messages are beginning to spread across Facebook, tricking users into clicking on links which claim to point to the world’s funniest condom commercial.

The messages are spreading through a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing that they “Like” the video when they try to play it.

A typical message looks something like the following (the actual link can change):

The World Funniest Condom Commercial - LOL
[LINK]
haha its really so funny ~ Dont Miss it !

The scam appears to be being perpetrated by the same gang who have been successfully spreading a “Baby born amazing effect” scam over the last several days.

Clicking on the links, which so far appear to all be hosted on blogspot.com, takes users to a webpage which urges visitors to click to watch the video.

The pages have the headline “The Funniest Condom Commercial”:

Click further at your own discretion – because the clickjacking scam is about to play its part in the scheme. If you try to play the video then you will be unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally across Facebook.

By the way, there is a condom commercial shown at the end of this whole process, but the Argentinian TV advert is available for free on YouTube meaning that there was a way of viewing it which didn’t involve helping the scammers spread their link across the Facebook social network. (Oh, and the video is not that funny).

As regular readers of Sophos’s Facebook page will know, scams like this have been seen on far too many occasions.

Recently announced new Facebook security features were supposed to provide protection against clickjacking/likejacking schemes like this – but once again have unfortunately proven to be ineffectual.

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:

Here’s how you can clean-up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”. You could also choose to mark it as spam to alert Facebook’s security team.

Unfortunately that doesn’t completely remove the connection between the mischievous link and your Facebook page. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

Of course, attacks like this would find it much harder to spread if folks were much more careful about the links they clicked on when using Facebook – and if Facebook’s in-built security was more effective at stopping clickjacking attacks.

Source : -http://nakedsecurity.sophos.com

Baby Born amazing effect? No, another Facebook likejacking scam

Published by pratyushkp on May 28th, 2011 - in Social, Technology

Image via CrunchBase

Messages are spreading rapidly across Facebook, as users get tricked into clicking on links claiming to show an amazing video of a big baby being born.

The messages are spreading with the assistance of a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing a “Like” button to pass the message onto their online friends.

A typical message looks as follows:

Baby Born Amazing Effect - WebCamera
[LINK]
Big Baby Born !

(Note: Graham Cluley have obscured the thumbnail used in the messages, as some may find it offensive because of its err.. anatomical nature.)

The links we have seen so far all point to pages hosted on blogspot.com, and appear to contain a video player that you are urged to click on.

The pages are headlined: “Baby Born Video – Amazing Effects”.

See the message at the bottom of the page? It reads:

If Play Button don't work please click on the Like button and Confirm, then you can watch the Video.

It’s at this point that the clickjacking scam plays its part. If you try to play the video then you will be secretly and unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally.

It’s a shame that Facebook’s own security measures don’t warn about this clickjacking attack.

If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:

Unfortunately, thousands of Facebook users appear to have fallen for the scam – and are helping the links spread rapidly across the social network.

Here’s how you can clean-up your Facebook page.

Find the offending message on your Facebook page, and select “Remove post and unlike”.

Unfortunately that doesn’t completely remove the interloping link. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.

If only folks were more careful about the links they clicked on when using Facebook.

Source :- http://nakedsecurity.sophos.com

  • Baby Born amazing effect? No, another Facebook likejacking scam (nakedsecurity.sophos.com)
  • Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl (pratyushkp.wordpress.com)
  • Facebook announces new security features (blogoholic.in)
  • Hottest & Funniest Golf Course Video scam spreads virally on Facebook – beware! (blogoholic.in)
  • It’s a Facebook clickjack scam (eclectomania.wordpress.com)
  • Facebook announces new security features (pratyushkp.wordpress.com)

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

Published by pratyushkp on April 30th, 2011 - in Social

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

Comment-jack security check

It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”.

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.

Facebook Bieber scam wall post

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

While protecting yourself may not be as simple as not clicking anything that says “OMG!” that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy check out This recommendations for Facebook settings.

Source :- http://nakedsecurity.sophos.com

  • Audi has most engaged Facebook fans, beats out Justin Bieber (autoblog.com)
  • This Lesbian Actually Is Justin Bieber (queerty.com)
  • David Beckham Hangs Out With Justin Bieber (Kinda) (pinkisthenewblog.com)
  • I can’t believe a GIRL did this because of Justin Bieber (zdnet.com)
  • Justin Bieber’s cell phone number? Nope, it’s a Facebook scam (sophos.com)
  • Why Justin Bieber Is An Online Marketing Guru (keepthepeakunique.com)
  • I Discovered Justin (burnadvertising.wordpress.com)
  • OMG: Justin Bieber Goes Bald! (thehollywoodgossip.com)
  • SHOCKER: Justin Bieber’s Lookalike Is a Girl (odditycentral.com)
  • Guy who took a picture of his face for 8 years FouTube Facebook scam (nakedsecurity.sophos.com)
© Social Media Blog