14 DAY TRIAL // New scams have hit Facebook over the weekend and are using McDonalds and texting lures to trick users into visiting clickjacking-enabled pages.
One of the attacks starts with a message reading "OMG... Look What This 6 YEAR OLD found in Her HAPPY MEAL from McDonalds! on CLICK HERE TO SEE."
The included link takes users to an external page designed to look as if it's part of Facebook. The page displays a video thumbnail and a play button.
"If you click on what appears to be the 'Play' button on the video, you are really being clickjacked," warns Graham Cluley, a senior technology consultant at Sophos.
"You may believe you are just asking the video to play, but in fact your mouse clicks are invisibly confirming that you 'Like' the 'Look What This 6 YEAR OLD found in Her HAPPY MEAL from McDonalds!' page, and sharing it with your friends via your newsfeed," he explains.
Of all the survey scams on Facebook, the clickjacking-enabled ones are the most dangerous ones, because they require little interaction from users and are usually harder to spot.
Clickjacking attacks abuse legit Web design techniques to make certain page elements, like buttons, invisible and superimpose them onto others in a way that hijacks mous clicks to perform unintended actions.
A second Facebook scam launched during the weekend produces spam messages, that read "I Will NEVER TEXT Again After Seeing THIS!!" and leads to a page employing the same video thumbnail clickjacking trick.
Both the McDonalds and texting themes have been used in survey scams on several occasions, which suggests that they are successful lures.
Facebook recently announced a crackdown on spammers and affiliate marketing scams and has taken two individuals and a company to court over such attacks.
However,so far, the prospect of having legal action launched against them doesn't seem to scare affiliate marketing scammers off.
If you fell for any of these tricks, make sure to remove the spam messages from your wall and also unlike the rogue pages.