14 DAY TRIAL // A new likejacking attack currently making the rounds on Facebook is tricking users into spamming their friends and participating in surveys by using a Justin Bieber-themed lure.
As the name implies, likejacking attacks rely on forcing people to use the Facebook Like feature on rogue pages in order to advertise them to others.
In this case, the page mimics the appearance of YouTube and displays the thumbnail of a video entitled “I cant believe a GIRL did this because of Justin Bieber.”
A message warns users that the video is for adults in order to intrigue them even more. Clicking on the alleged thumbnail in order to play the movie tries to hijack the click and use it to “Like” the page without the user’s consent.
“It's unfortunate that almost eight months after likejacking started becoming common that Facebook has chosen to keep the simplicity of the ‘Like’ feature and not implement a confirmation option that would alert a user who is logged into Facebook that they are endorsing another scam,” writes Chester Wisniewski, a senior security advisor at Sophos.
After the likejacking occurs, the user is prompted to participate in a survery which tries to sign them up for a useless premium rate SMS service.
One particularity of this scam, according to Wisniewski, is that at one point, the user is asked if they’re not interested in selling their Facebook Fan pages.
The researcher concludes that the scammer is interested in buying fan pages with a fair share of followers, in order to spread spam more efficiently.
Justin Bieber’s popularity, especially with younger users who are easier to persuade, has been exploited by Facebook scammers many times in the past. In fact, this same lure was also used before in a slightly different form.
Most Facebook scams seen at the moment use rogue apps, because they are more persistent than Likes. Nevertheless, if you fell victim to this attack, make sure to unlike the page and remove any messages about it, that you might have posted on your wall.