Support.com
Need Help Now?

Support.com Blog

Facebook Faces Another Privacy Threat

Posted on: 08/26/10


Remember ”Likejacking” from earlier this year? It was the Facebook-enabled clickjacking attack that tricks users into clicking links that mark the clicked site as one of your Facebook "likes." Well a new clickjacking attack is back with the main goal to scam money from users using Facebook’s “Share” feature.


What does it do?

The worm uses the Facebook’s “Share” feature to post content on your wall and lure friends to click and take a survey. Facebook users are asked to answer questions and then provide their cell phone number. Users are actually subscribing to an auto renewing paid phone service that charges $5 per week through their cell phone bill.

How does it spread?

It starts with a link to a Facebook page promising you to show some interesting content like- “10 Funny T-shirt Fails”. When you click on the link to see the content, you are prompted to go through a 3-step human verification process. The first step tells you about the verification and asks you click the Next button to continue (see the image below).


 
In the second step, you are asked to click the Next button and here’s where the deception begins. There is no functionality attached to the Next button, but underneath it is a hidden “Share” button. So when you click on the Next button in step 2, you are actually clicking on a Share button and posting the page to your profile wall.


 
You are then asked to go through a survey and at some point are asked to provide your personal information to participate in a contest. If you provide your cell phone number, you’ll be automatically subscribed to an auto renewing paid phone service costing you $5/week.


 
What should you do?

The security firm, Sophos first discovered the worm and posted a report to which Facebook immediately took action and deleted all such suspicious fan pages. To make sure you have not fallen victim to this scam, review your profile page and if you happen to see any suspicious content, delete it using the ‘Remove’ button.

If you are using Mozilla Firefox to browse Facebook, get the NoScript add-on.  The add-on prevents a website form from executing any Flash, Java, and JavaScript functions without your permission.


 
If you need help maintaining your online privacy on Facebook or any other social networking site, give Support.com a call at 1-800-PC-Support (1-800-727-8776).

[Image Source]



Edit your comment

The content of this field is kept private and will not be shown publicly.
CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
3 + 13 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.
Subscribe Via RSS
Watch On YouTube

Copyright © 2014 Support.com, Inc. All rights reserved. Support.com, the Support.com logo, and Personal Technology Experts are trademarks or registered trademarks of Support.com, Inc. in the United States and other countries. All other trademarks are the property of their respective owners. Terms and conditions, features, pricing and service options subject to change without notice.

Social Media Connect with us on Facebook Follow us on Twitter Connect with us on YouTube Connect with us on LinkedIn