It's just another scheme to hijack your click and use it to make you post the same thing on your page without your knowledge. Also, if you follow the steps you are required to follow in order to view the "funny pictures", you can be saddled with a $5 per week charge for a phone service you didn't ask for.
The scheme works like this:
You go to the "Top 10 Funny.." Facebook page, which immediately after loading grabs a malicious script that makes you share the page on your profile without your knowledge. In the meantime, it presents to you a box that says that you have to complete three steps in order to prove that you're human and not a bot.
The human verification process also requires you to complete a survey:
A Sophos researcher say that this is the moment when a script detection plugin (he uses NoScript) will likely warn you about a potential clickjacking attempt:
If you don't use any, you might not notice that the offending post is now on you profile page trying to trick your friends into clicking on it.
In the meantime, if you fill up one of the surveys offered, you will probably be asked to give up your mobile phone number. If you are unfamiliar with this kind of scam, you'll fail to notice that the fine print says that if you do so, you are automatically signing up for an auto renewing subscription service that charges you $5 per week via your cell phone provider.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.