Leads users to a survey scam

Jul 15, 2010 13:38 GMT

A new Facebook spam campaign is using the lure of a horrific Coca Cola video to trick users into visiting a malicious page. Victims are encouraged to propagate the rogue messages and end up with their personal information stolen.

“I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video ? [url] Find out the TRUTH about Coke!!!” the spam reads. The message can be posted in various places, for example as a News Feed entry or even a Calendar event.

Clicking on the link takes users to an external site displaying an image mimicking an embedded video player. However, instructions on the page reveal that the video can only be played if the user agrees to spread the news about it on Facebook.

This is allegedly done in three steps. The first requires the user to “Like” the page. Judging by the number displayed next to the Like button, over 19,000 people have fallen for this scam so far. The second requirement is to “Share” the link on Facebook, while the third step asks the user to copy and paste the spam message cited above seven times on Facebook.

“The page claims to poll whether you have shared the link enough (in order to allow the video to be viewed). But when you realise you're not making any progress - despite your valiant attempts to recommend the link to all and sundry - you might hit the link which says: >>>Cant Be Botherd To Wait? --> Click Here To Skip This<<<. And this link takes you to a survey which asks you for all sorts of personal information,” Graham Cluley, senior technology consultant at Sophos, warns.

While this scam relies on social engineering tricks to convince Facebook users to like the page, there are methods to achieve the same result without their permission. Just yesterday, we reported a clickjacking vulnerability that could be exploited to do exactly that in a manner that is completely transparent to users.

You can follow the editor on Twitter @lconstantin