14 DAY TRIAL // A new Facebook scam is reusing an older theme about a girl who killed herself, but also employs a clickjacking trick that forces users to propagate it.
Victims of this scam will end up unwillingly promoting a link to a page called "Girl killed herself, after her dad posted This to her Wall."
When opened, this page displays a Facebook-like alert box informing visitors that "The content you are about to view may be inappropriate for some users. It may contain shocking graphics, nudity or disrespect other individuals."
Clicking the available "Confirm" button takes users to another dialog box asking them to verify that they aren't bots. This involves clicking three buttons, numbered 1, 2 and 3, in a particular order.
These buttons are actually clickjacked and pressing them will actually post the link on their walls without any confirmation.
Clickjacking, or user interface redressing, refers to the practice of hiding buttons by making them transparent and positioning them over innocent-looking page elements.
This allows attackers to hijack a user's mouse click – hence the term clickjacking – and use to perform an unintended and potentially malicious action.
The end game is to get users to a page where they are asked to participate in one of several surveys in order to access the intriguing content.
These surveys attempt to sign-up people to premium rate services and the scammers receive a hefty commission for every time they succeed.
As we mentioned at the beginning of the article, we've seen the suicide girl theme used in Facebook scams before and we even wrote about it. It must have proven a very successful lure for the scammers to resurrect it.
At the time of writing this article, the rogue page is still online and was linked by over 2,200 users, despite it being reported to Facebook.
If you fell victim to the scam, go to your wall, locate the rogue spam message posted there and click the "remove" button. Also, unlike the page.
