Shark Attack Facebook Scam Employs Clickjacking

[Starbuck]

http://img.photobucket.com/albums/v708/starbuck50/Shark-Attack.jpg

 

Security researchers warn of a new Facebook scam trying to use a shocking element to lure people. However, what is particularly interesting about this one is that it employs a clickjacking trick.

 

This latest scam uses a rather grim theme, which is probably why the number of affected people is not yet into the hundreds of thousands. “OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark,” the associated spam reads.

 

Clicking on the link included in the messages leads to a rogue Facebook application page. Like most such scam, this one also tries to get users to jump through hoops in order to access the promised video, which in reality doesn't even exist.

 

The page displays a bar with differently colored sections and users are instructed to click on the red and blue ones. “If you agree to click on the coloured buttons (and I have to wonder why you would) then you are actually being clickjacked - secretly liking and sharing the link with all of your Facebook friends,” Graham Cluley, a senior technology consultant at Sophos, warns.

 

Clickjacking, or more technically known as user interface (UI) redressing, is a type of attack where CSS and JavaScript tricks are used to hijack a mouse click by placing an invisible button over another clickable element on the page. Last month security researchers found a clickjacking bug on Facebook, which could have been leveraged to force users into Liking pages transparently.

 

However, in this latest case the scammers seem to have completely missed the point of clickjacking attacks and explicitly tell the users what will happen if they click the buttons. This doesn't seem to stop many from doing it regardless.

 

 

Source:

Shark Attack Facebook Scam Employs Clickjacking - Users tricked into liking and sharing rogue page - Softpedia

[Plastic Nev]

These type of clickjackings are merely to expose more of your personal details than you wish to be seen, and therefore putting yourself at greater risk of being scammed in some other way via personal detail hijacks.

I notice there is another on there today doing exactly the same by the headline on the lines of -

"Most women can't look at this for more than ten seconds, but men can".

Once again you are invited to click this or that to eventually get to a rather dull picture of two women but one cup of chocolate. Or so I am told by those who have.

Safest thing is ignore these things as in most cases they appear on the page, but without any picture or link to whoever posted it.

[Starbuck]

We may have to set up a separate forum just for 'Facebook' warnings soon.

 

Another today:

'OMG the worlds worst mcdonalds customer (shocking video must see)'

 

Clicking on the bit.ly link takes the user to a Facebook application called 'Worst McD's Customer' which asks permission to post to the user's wall, access their data at any time, access their contact information and their list of friends,

 

If you're sensible you'll pull out at this point and not grant the application permission to access your data.

 

But sadly plenty of people are keen to see the 'shocking video' and will hand over control to the rogue Facebook app which promptly posts the link as a status update to your Facebook wall thus perpetuating the cycle.

 

Security concerns over latest rogue Facebook app - V3.co.uk - formerly vnunet.com