Softpedia
August 18th, 2010, 07:04 GMT · By

'Top T-Shirt Fails' Facebook Scam Employs Clickjacking

Image caption: Facebook users forced to propagate scam via clickjacking
Security researchers from Sophos warn that a new Facebook survey scam forces users to advertise rogue pages from their profiles by employing clickjacking techniques.

The attack starts like most Facebook scams, with a spam message sent by someone on your friends list containing a link to a rogue page, in this case about some "Top 10 Funny T-Shirt Fails."

Apparently, several of these pages were created by the scammers and all of them feature a tab called "VIEW HERE," where users clicking on the spammed links get directed.

Visiting this tab will initiate a three-step process deceptively entitled "facebook human verification," which allegedly needs to be completed in order to view the content.

"Once the page is loaded, it loads the appropriate tab and grabs the malicious script from an external domain that silently forces the user to automatically share the page on their profile," warns Onur Komili, a researcher at SophosLabs Canada.

However, unlike other similar scams, which ask the user to manually Like and Share the rogue page, this one employs clickjacking to achieve the same effect without the user noticing.

Clickjacking, technically known as user interface (UI) redressing, is a type of attack in which a hidden object is placed in the path of the user's mouse pointer, so that a click intended for a visible control is hijacked to perform an action the user never approved.

In this case a hidden Facebook Share button is positioned over the Next one on Step 2 of the "facebook human verification" dialog.

Firefox users who use the NoScript extension will see a warning about a clickjacking attempt being blocked when they click the Next button.
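NoScript catches the overlay on the client side; the server-side defense is for the page that owns the button to refuse to be framed. The following is an added example, not code from the article or from Sophos: it classifies an HTTP response's anti-framing headers (X-Frame-Options and the CSP frame-ancestors directive) and shows a minimal client-side fallback, using constructed header sets for illustration.

```javascript
// Parse the frame-ancestors directive out of a Content-Security-Policy header value.
// Returns the list of allowed sources, or null if the directive is absent.
function parseFrameAncestors(csp) {
  if (!csp) return null;
  for (const directive of csp.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

// Classify how a response may be embedded by other sites.
// A clickjacking overlay needs the target page to be 'frameable' from the attacker's origin.
function framingProtection(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  // Browsers that understand frame-ancestors give it precedence over X-Frame-Options.
  const ancestors = parseFrameAncestors(h['content-security-policy']);
  if (ancestors && ancestors.length > 0) {
    if (ancestors.length === 1 && ancestors[0] === "'none'") return 'blocked';
    if (ancestors.every(a => a === "'self'")) return 'same-origin';
    return 'allow-list'; // only the listed origins may frame the page
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  return 'frameable'; // no policy at all: any site can overlay a transparent copy
}

// Client-side fallback for the page being protected: if it is not the top window,
// keep its content hidden rather than trying to "bust" out of the frame.
// `win` stands in for the browser's window object (constructed in tests).
function frameBusterDecision(win) {
  return win.top !== win.self ? 'hide-content' : 'render';
}

// Constructed sample responses, as a page owner might see them in a header audit.
const SAMPLE_RESPONSES = {
  unprotected: { 'Content-Type': 'text/html' },
  legacyOnly: { 'X-Frame-Options': 'SAMEORIGIN' },
  modern: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
};
```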

The third step of the rogue process asks users to complete one of several surveys, which have the purpose of subscribing them to a premium mobile service costing $5/week.

If you encountered this scam and went through the rogue verification process, please check your profile immediately and remove any messages that might have been posted without your knowledge.
