Facebook Faces Another Privacy Threat
Remember ”Likejacking” from earlier this year? It was the Facebook-enabled clickjacking attack that tricks users into clicking links that mark the clicked site as one of your Facebook "likes." Well a new clickjacking attack is back with the main goal to scam money from users using Facebook’s “Share” feature.
What does it do?
The worm uses the Facebook’s “Share” feature to post content on your wall and lure friends to click and take a survey. Facebook users are asked to answer questions and then provide their cell phone number. Users are actually subscribing to an auto renewing paid phone service that charges $5 per week through their cell phone bill.
How does it spread?
It starts with a link to a Facebook page promising you to show some interesting content like- “10 Funny T-shirt Fails”. When you click on the link to see the content, you are prompted to go through a 3-step human verification process. The first step tells you about the verification and asks you click the Next button to continue (see the image below).
In the second step, you are asked to click the Next button and here’s where the deception begins. There is no functionality attached to the Next button, but underneath it is a hidden “Share” button. So when you click on the Next button in step 2, you are actually clicking on a Share button and posting the page to your profile wall.
You are then asked to go through a survey and at some point are asked to provide your personal information to participate in a contest. If you provide your cell phone number, you’ll be automatically subscribed to an auto renewing paid phone service costing you $5/week.
What should you do?
The security firm, Sophos first discovered the worm and posted a report to which Facebook immediately took action and deleted all such suspicious fan pages. To make sure you have not fallen victim to this scam, review your profile page and if you happen to see any suspicious content, delete it using the ‘Remove’ button.
If you need help maintaining your online privacy on Facebook or any other social networking site, give Support.com a call at 1-800-PC-Support (1-800-727-8776).