Users tricked into liking and sharing rogue page

Aug 5, 2010 08:08 GMT  ·  By

Security researchers warn of a new Facebook scam trying to use a shocking element to lure people. However, what is particularly interesting about this one is that it employs a clickjacking trick.

This latest scam uses a rather grim theme, which is probably why the number of affected people is not yet into the hundreds of thousands. “OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark,” the associated spam reads.

Clicking on the link included in the messages leads to a rogue Facebook application page. Like most such scams, this one also tries to get users to jump through hoops in order to access the promised video, which in reality doesn't even exist.

The page displays a bar with differently colored sections and users are instructed to click on the red and blue ones. “If you agree to click on the coloured buttons (and I have to wonder why you would) then you are actually being clickjacked - secretly liking and sharing the link with all of your Facebook friends,” Graham Cluley, a senior technology consultant at Sophos, warns.

Clickjacking, more technically known as user interface (UI) redressing, is a type of attack in which CSS and JavaScript tricks are used to hijack a mouse click by placing an invisible button over another clickable element on the page. Last month security researchers found a clickjacking bug on Facebook, which could have been leveraged to force users into Liking pages without their knowledge.
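The overlay trick described above only works if the target page can be loaded inside a frame on a site the attacker controls. The following added example (not code from the article, Facebook or Sophos) audits constructed sample responses and reports which ones a third-party site could still frame, by reading the CSP `frame-ancestors` directive and the older `X-Frame-Options` header; the sample header sets and the function names are assumptions made for the illustration.

```javascript
// Added example: decide from response headers whether an arbitrary third-party
// site can embed a page, which is the precondition for UI redressing.
// `headers` is a plain object whose keys are lower-case header names.
function framingPolicy(headers) {
  // CSP frame-ancestors takes precedence over X-Frame-Options when both exist.
  const csp = headers["content-security-policy"] || "";
  const fa = csp.split(";")
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === "frame-ancestors");
  if (fa) {
    const sources = fa.slice(1).map((s) => s.replace(/^'(.*)'$/, "$1").toLowerCase());
    // An empty source list or 'none' blocks every ancestor.
    if (sources.length === 0 || sources.includes("none")) {
      return { embeddableByAnyone: false, mechanism: "csp", allowed: [] };
    }
    // "*" or a bare scheme such as "https:" lets any site frame the page.
    const open = sources.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s));
    return { embeddableByAnyone: open, mechanism: "csp", allowed: sources };
  }
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") {
    return { embeddableByAnyone: false, mechanism: "x-frame-options", allowed: [] };
  }
  if (xfo === "SAMEORIGIN") {
    return { embeddableByAnyone: false, mechanism: "x-frame-options", allowed: ["self"] };
  }
  // Absent or unrecognised value: browsers ignore it and the page can be framed anywhere.
  return { embeddableByAnyone: true, mechanism: "none", allowed: ["*"] };
}

// Constructed sample responses (not real captures) in the shapes a defender
// meets when auditing pages that carry Like/Share buttons.
const SAMPLE_RESPONSES = {
  legacy: { "content-type": "text/html" },
  xfoDeny: { "x-frame-options": "DENY" },
  cspSelf: { "content-security-policy": "default-src 'self'; frame-ancestors 'self'" },
  cspOpen: { "content-security-policy": "frame-ancestors *" },
  cspPartner: { "content-security-policy": "frame-ancestors https://partner.example" },
};

// Return the names of the samples a third-party site could still frame.
function auditResponses(responses) {
  return Object.entries(responses)
    .filter(([, h]) => framingPolicy(h).embeddableByAnyone)
    .map(([name]) => name);
}

console.log("frameable by any site:", auditResponses(SAMPLE_RESPONSES).join(", "));
```

The `legacy` sample mirrors the situation of the era this article describes, when most pages sent neither header and relied on nothing but the user's attention.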

However, in this latest case the scammers seem to have completely missed the point of clickjacking attacks and explicitly tell the users what will happen if they click the buttons. This doesn't seem to stop many from doing it regardless.

If you're one of those people who take an interest in shark attack videos and were tricked by this scam, you'd better remove all messages posted on your wall about it and unlike that rogue page. This will prevent your friends and family members from becoming victims too.

You can follow the editor on Twitter @lconstantin