Jun 13, 2011 17:07 GMT

Spammers took advantage of people's interest in Lily Allen's wedding over the weekend and launched a clickjacking attack on Facebook using the singer as a lure.

According to security researchers from Sophos who spotted the attack, the spam messages spread by the scam's victims read: "Lily Allen shows her breasts on British television! [LINK] In a broadcast on Channel 4, the singer Lilly Allen shows us her beautiful breasts."

"That's probably not the kind of thing that pop star Lily Allen wants spreading around on Facebook on the very same weekend that she's getting married," Sophos senior technology consultant Graham Cluley noted.

Nevertheless, enough people seem to have fallen for the trick and clicked on the link that took them to a clickjacking page.

Clickjacking refers to a type of attack that involves making a button transparent and positioning it over an innocuous-looking one. As a result, the user thinks he is performing a safe action, but in reality his click is hijacked for unauthorized purposes.

In the case of Facebook clickjacking attacks, scammers usually display a video player and position the hidden Like button over the play one. When users click play to start viewing the promised video, they are actually liking the page without their knowledge.
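The overlay described above leaves a recognizable trace in a page's markup: a Like-button frame that is present and clickable but styled to be invisible. The following check is an added example, not code from Sophos or Facebook; it assumes the Like button is embedded as an iframe served from `/plugins/like.php`, treats an opacity below 0.1 as invisible, and inspects inline styles only. The sample page is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: Like-button iframes are served from these hosts and this path.
LIKE_HOSTS = {"www.facebook.com", "facebook.com"}
LIKE_PATH = "/plugins/like.php"

# Constructed sample page: one transparent Like frame, one visible Like frame.
SAMPLE = (
    '<iframe src="https://www.facebook.com/plugins/like.php?href=http://example.invalid/a" '
    'style="opacity: 0; position: absolute"></iframe>'
    '<iframe src="https://www.facebook.com/plugins/like.php?href=http://example.invalid/b"></iframe>'
)

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    return props

def is_hidden(props):
    """True when inline CSS makes a frame invisible while it stays clickable."""
    try:
        opacity = float(props.get("opacity", "1"))
    except ValueError:
        opacity = 1.0  # keywords such as "inherit" are not treated as hidden
    # Legacy Internet Explorer transparency syntax: filter: alpha(opacity=0)
    legacy = "alpha(opacity=0)" in props.get("filter", "").replace(" ", "")
    return opacity < 0.1 or legacy

class HiddenLikeFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        url = urlparse(attr.get("src") or "")
        is_like = url.hostname in LIKE_HOSTS and url.path.startswith(LIKE_PATH)
        if is_like and is_hidden(parse_style(attr.get("style") or "")):
            self.findings.append(attr["src"])

def find_hidden_like_frames(html):
    """Return the src of every Like-button iframe that is styled invisible."""
    finder = HiddenLikeFrameFinder()
    finder.feed(html)
    return finder.findings
```

Transparency applied through an external stylesheet or by script is outside what this check sees, so a clean result does not clear a page.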

Facebook recently introduced a clickjacking filter that is supposed to detect suspicious Like patterns and prompt users for additional confirmation. However, the system doesn't seem to be very effective. By the time it kicks in, the scam has already mutated and a large number of users have already been affected.

People who believe they might have fallen victim to such attacks should remove any spam messages posted on their wall and unlike the rogue pages by editing their profile settings, going to "Activities and Interests > Show other pages" and removing them from the list.