Facebook clickjacking scam tries to rip off users
Posted on 18 August 2010.
If you happen to see a post on your friends' Facebook pages about "Top 10 Funny T-Shirt Fails ROFL", don't fall for it.

It's just another scheme to hijack your click and use it to make you post the same thing on your page without your knowledge. Also, if you follow the steps you are required to follow in order to view the "funny pictures", you can be saddled with a $5 per week charge for a phone service you didn't ask for.

The scheme works like this:

You go to the "Top 10 Funny.." Facebook page, which immediately after loading grabs a malicious script that makes you share the page on your profile without your knowledge. In the meantime, it presents to you a box that says that you have to complete three steps in order to prove that you're human and not a bot.

The human verification process also requires you to complete a survey:

A Sophos researcher say that this is the moment when a script detection plugin (he uses NoScript) will likely warn you about a potential clickjacking attempt:

If you don't use any, you might not notice that the offending post is now on you profile page trying to trick your friends into clicking on it.

In the meantime, if you fill up one of the surveys offered, you will probably be asked to give up your mobile phone number. If you are unfamiliar with this kind of scam, you'll fail to notice that the fine print says that if you do so, you are automatically signing up for an auto renewing subscription service that charges you $5 per week via your cell phone provider.


New Zeus variant targets users of 150 banks

Posted on 19 December 2014.  |  A new variant of the infamous Zeus banking and information-stealing Trojan has been created to target the users of over 150 different banks and 20 payment systems in 15 countries, including the UK, the US, Russia, Spain and Japan.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Dec 22nd