Facebook clickjacking scam tries to rip off users
Posted on 18 August 2010.
If you happen to see a post on your friends' Facebook pages about "Top 10 Funny T-Shirt Fails ROFL", don't fall for it.

It's just another scheme to hijack your click and use it to make you post the same thing on your page without your knowledge. Also, if you follow the steps you are required to follow in order to view the "funny pictures", you can be saddled with a $5 per week charge for a phone service you didn't ask for.

The scheme works like this:

You go to the "Top 10 Funny.." Facebook page, which immediately after loading grabs a malicious script that makes you share the page on your profile without your knowledge. In the meantime, it presents to you a box that says that you have to complete three steps in order to prove that you're human and not a bot.

The human verification process also requires you to complete a survey:


A Sophos researcher say that this is the moment when a script detection plugin (he uses NoScript) will likely warn you about a potential clickjacking attempt:


If you don't use any, you might not notice that the offending post is now on you profile page trying to trick your friends into clicking on it.

In the meantime, if you fill up one of the surveys offered, you will probably be asked to give up your mobile phone number. If you are unfamiliar with this kind of scam, you'll fail to notice that the fine print says that if you do so, you are automatically signing up for an auto renewing subscription service that charges you $5 per week via your cell phone provider.






Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 2nd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //