Viral Facebook clickjacking scam entices users with fake Emma Watson video, Sophos reports
March 2011 by Sophos
Sophos is warning Facebook users about a new scam that is spreading quickly across the social network claiming to be a link to a video entitled, "I lost all respect for Emma Watson when I seen this video! Outrageous!".
If Facebook users are curious enough to click on the link, their browser will be taken to a webpage which pretends to be a YouTube-style video site called "FbVideo".
Clicking anywhere on this webpage invisibly clicks on a "Like" button without the user’s knowledge, sharing the link virally with online friends across the Facebook network.
The purpose of the scam is to persuade Facebook users to take a survey, believing they are about to watch a video of Watson, who plays Hermione Granger in the Harry Potter movies. The survey scams earn commission for the scammers and trick users into handing over their mobile phone number, which is used to sign up for premium-rate SMS services.
"Attacks like this one spread rapidly as the link is shared automatically on users’ pages, before they have even realised they have fallen for a scam," said Graham Cluley, senior technology consultant at Sophos. "Facebook could stem the spread of clickjacking attacks, by asking users to confirm if they really wanted to "Like" a webpage. This would make it much harder for the bad guys to distribute viral attacks like this. It’s down to Facebook to help put a stop to the viral spread of these links by clamping down on ’Likejacking’."
Sophos experts note that other versions of this scam are currently circulating that use the names of Miley Cyrus and Justin Bieber as a lure.
Facebook users who have been affected should delete references to this scam from their wall, to avoid sharing it further with their online friends.