Sophos warns about ‘Never gonna drink Coca Cola again’ Facebook scam
July 2010 by Sophos
IT security and data protection firm Sophos is warning Facebook users about a new scam that has spread quickly, pretending to be a link to a "horrific video" about why you should never drink Coca Cola.
The scam differs from many recent ’clickjacking’ attacks by tricking people into sharing the link manually multiple times with their Facebook friends with the message:
"I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video —> [Link removed]"
The webpage claims to poll whether the user has shared the link enough times in order to watch the video. Users will quickly notice, however, that regardless of how many times they share the link, the video remains inaccessible to them and they are urged to take a short-cut survey which asks for personal information.
"It amazes me that people will go to such great lengths to see a video from a source that they know nothing about," said Graham Cluley, senior technology consultant at Sophos. “With clickjacking, users unwillingly “liked” a web page or a video automatically if they clicked on a link that they saw on a friend’s wall. With this Coca Cola scam, users are actively sharing the post numerous times and then they’re volunteering personal information – all because the temptation to see a video is too much to resist."
"The users who try and watch this video have no way of knowing how their personal information may be used - the only people who will benefit are the scammers behind the attack. Facebook users need to wise up to the risk of outside threats in order to control the spread of attacks like this on social networking sites," continued Cluley.
Facebook users that have been affected should view the recent activity on their news feed and delete entries related to the offending links. In addition, they should view their profile, click on the ‘Info’ tab and remove any of the offending pages from the "Likes and interests" section.