Mar 21, 2011 10:58 GMT  ·  By

A new likejacking scam is currently spreading on Facebook by using a sexy teacher video as lure to trick people into taking part in surveys.

Users affected by this scam will end up posting wall messages that read: "[URL] When our new teacher terns towards a blackboard students are go haywire. VIDEO: New Teacher from behind"

According to Chester Wisniewski, senior security advisor at antivirus vendor Sophos, in this case scammers are using various URL shorteners and direct links.

The URLs point to pages that display a video player thumbnail with a partially censored image of a woman facing a blackboard.

Trying to click the play button triggers an unauthorized "Like" action on the user's behalf, without their knowledge.

This is achieved through an attack technique known as clickjacking, which hijacks clicks by hiding rogue page elements such as buttons and positioning them over innocuous-looking ones, so that a click intended for the visible element lands on the hidden one.
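A clickjacking or likejacking page only works if the page carrying the real button can be rendered inside a frame controlled by another site, so the standard defence is for that site to tell browsers not to frame it. The following is an added example, not code from the article or from Sophos or Facebook: a small Python audit that classifies a set of HTTP response headers (constructed samples are embedded) by whether they would stop the page being framed cross-origin, using the `Content-Security-Policy: frame-ancestors` directive and the older `X-Frame-Options` header. The function names and sample header sets are assumptions made for the example.

```python
"""Audit HTTP response headers for anti-framing (clickjacking) protection.

Added example, not from the original article. The header names checked
are real browser mechanisms; the sample responses below are constructed.
"""


def _frame_ancestors_sources(csp: str):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.strip().lower() for p in parts[1:]]
    return None


def framing_protection(headers: dict) -> dict:
    """Classify how well a response resists being placed in a cross-origin frame.

    headers: response header name -> value (names matched case-insensitively).
    Returns {'protected': bool, 'mechanism': str, 'note': str}.
    """
    lower = {k.lower(): v for k, v in headers.items()}

    # Modern control: CSP frame-ancestors. Browsers that support it give it
    # precedence over X-Frame-Options, so evaluate it first.
    sources = _frame_ancestors_sources(lower.get("content-security-policy", ""))
    if sources is not None:
        if sources == ["'none'"]:
            return {"protected": True, "mechanism": "CSP frame-ancestors 'none'",
                    "note": "no site may frame this page"}
        if sources == ["'self'"]:
            return {"protected": True, "mechanism": "CSP frame-ancestors 'self'",
                    "note": "only same-origin framing allowed"}
        # A wildcard or a bare scheme lets any site frame the page.
        if any(s in ("*", "http:", "https:") for s in sources):
            return {"protected": False, "mechanism": "CSP frame-ancestors (permissive)",
                    "note": "source list allows arbitrary origins: " + " ".join(sources)}
        return {"protected": True, "mechanism": "CSP frame-ancestors (allow-list)",
                "note": "framing restricted to: " + " ".join(sources)}

    # Legacy control: X-Frame-Options. DENY and SAMEORIGIN are honoured by all
    # mainstream browsers; ALLOW-FROM is obsolete and ignored by current ones,
    # so it cannot be relied on.
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return {"protected": True, "mechanism": "X-Frame-Options " + xfo,
                "note": "honoured by all mainstream browsers"}
    if xfo.startswith("ALLOW-FROM"):
        return {"protected": False, "mechanism": "X-Frame-Options ALLOW-FROM",
                "note": "obsolete directive; replace with CSP frame-ancestors"}

    return {"protected": False, "mechanism": "none",
            "note": "page can be framed by any site; add CSP frame-ancestors"}


# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = {
    "hardened-csp": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "hardened-xfo": {"X-Frame-Options": "SAMEORIGIN"},
    "allow-list": {"Content-Security-Policy": "frame-ancestors https://partner.example"},
    "wildcard-csp": {"Content-Security-Policy": "frame-ancestors *"},
    "obsolete-xfo": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "unprotected": {"Content-Type": "text/html"},
}


def audit(responses: dict = None) -> dict:
    """Run framing_protection over each named response; return name -> verdict."""
    responses = SAMPLE_RESPONSES if responses is None else responses
    return {name: framing_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        status = "OK  " if verdict["protected"] else "WEAK"
        print(f"{status} {name:14} {verdict['mechanism']}: {verdict['note']}")
```

A page that embeds a button which performs an action on behalf of a logged-in user (such as a Like) should return the "hardened" form; the "wildcard-csp", "obsolete-xfo" and "unprotected" rows are the configurations that leave that button exposed to the overlay trick described above.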

Mr. Wisniewski suggests Firefox with the NoScript extension as possible mitigation against clickjacking, or opening links received on Facebook in a secondary browser where the user is not authenticated.

NoScript is a security extension that can stop several types of attacks including cross-site scripting (XSS), cross-site request forgery (CSRF) and clickjacking, also known as user interface (UI) redressing.

It can also block most drive-by download attacks launched from websites into which malicious code has been injected, because by default the extension doesn't allow scripts to be loaded from third-party domains.

NoScript's biggest drawback is that it has a learning curve and it takes some time to add the most frequented websites to the whitelist. This could pose problems for less technical users.

Opening Facebook links in a secondary browser is not very convenient either, but unfortunately there aren't many other options unless Facebook decides to add some sort of confirmation prompt to the Like action.