Messages are beginning to spread across Facebook, tricking users into clicking on links which claim to point to the world’s funniest condom commercial.
The messages are spreading through a clickjacking scam (sometimes known as likejacking) which means that users do not realise that they are invisibly pressing that they “Like” the video when they try to play it.
A typical message looks something like the following (the actual link can change):
The World Funniest Condom Commercial - LOL
haha its really so funny ~ Dont Miss it !
The scam appears to be being perpetrated by the same gang who have been successfully spreading a “Baby born amazing effect” scam over the last several days.
Clicking on the links, which so far appear to all be hosted on blogspot.com, takes users to a webpage which urges visitors to click to watch the video.
The pages have the headline “The Funniest Condom Commercial”:
Click further at your own discretion – because the clickjacking scam is about to play its part in the scheme. If you try to play the video then you will be unwittingly saying that you “Like” the link, and sharing it with your friends. In this way the link spreads virally across Facebook.
By the way, there is a condom commercial shown at the end of this whole process, but the Argentinian TV advert is available for free on YouTube meaning that there was a way of viewing it which didn’t involve helping the scammers spread their link across the Facebook social network. (Oh, and the video is not that funny).
As regular readers of Sophos’s Facebook page will know, scams like this have been seen on far too many occasions.
Recently announced new Facebook security features were supposed to provide protection against clickjacking/likejacking schemes like this – but once again have unfortunately proven to be ineffectual.
If you were running anti-clickjacking protection, such as the NoScript add-on for Firefox, then you would see a warning message about the attempted clickjacking:
Here’s how you can clean-up your Facebook page.
Find the offending message on your Facebook page, and select “Remove post and unlike”. You could also choose to mark it as spam to alert Facebook’s security team.
Unfortunately that doesn’t completely remove the connection between the mischievous link and your Facebook page. You also need to go into your profile, choose Activities and Interests and remove any pages that you don’t want to “Like”.
Of course, attacks like this would find it much harder to spread if folks were much more careful about the links they clicked on when using Facebook – and if Facebook’s in-built security was more effective at stopping clickjacking attacks.
If you’re on Facebook and want to learn more about spam, malware, scams and other threats, you should join the Sophos Facebook page where we have a thriving community of over 80,000 people.
Hat-tip: Thanks to Naked Security reader Josh for first giving us a heads-up about this clickjacking scam spreading on Facebook
Leave a reply