Facebook ‘Likejacking’: Funny Site with ‘15 Worst Construction Mistakes EVER!’ Image Leads to Scam Quiz Sites

By Sumo3000 in Computer Security

Facebook’s popular “Like” button feature is once again being exploited by scammers, this time with a potentially funny web site that leads users to iframe popups for the purpose of generating paid clicks.

Facebook’s “Like” feature is legitimately used by many large blogs and websites, including ours. It allows users to place a link on their own Facebook profile to a post or story that they “Like” or want to share with their friends. Since its introduction, the Facebook “Like” or “Recommend” feature has appeared on several high-traffic websites such as CNN.com and Mashable.com.

Anything new and popular on Facebook attracts hackers and scammers. Through new features on Facebook, they find new ways to exploit a small percentage of the almost 500 million worldwide Facebook users. Facebook has had more than its fair share of issues this year when it comes to user privacy and security. Facebook likejacking, comparable to clickjacking scams, is just a new outlet for hackers to use for their scams, and so far it is working.

The latest likejacking scam on Facebook that exploits the “Like” feature is somewhat similar to the one we reported earlier, which used a hijacked link to a rock band singer’s leaked naked photo. This one appears as a funny website tempting users with the “15 worst construction mistakes EVER!” and displays a picture of two urinals placed very close to each other. The instructions printed on the image ask users to click on the image for more. Once the image is clicked, users are greeted with bogus popups, one of which is an online quiz, and a “like” link is placed on their profile to share this same malicious link with other Facebook users.

Figure 1. Fake online quiz iframe popup from likejacking spamming attack. Source: zdnet.com

The endless loop of popups from this likejacking scam can be rather enticing for some computer users, as they are offered “free Facebook layouts” and even shown false warnings stating “We have been receiving a lot of spambot traffic from an IP Address similar to yours. Please complete a quiz to unlock the page”, as shown in Figure 1 above. The spammer uses this social engineering tactic to collect clicks for a CPA (cost-per-action) program, which is designed to generate money when specific links are clicked.

How do they generate these CPA clicks? From you, of course, by using their likejacking scam to redirect you to a site hosting an iframe that overlays items such as a fake online quiz popup. Little do computer users know that hidden underneath the iframe (the popup quiz) are the actual CPA program links on which the scammers are attempting to generate natural-looking clicks. While you think you are answering a popup quiz, you are actually generating a click for a hacker.
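An added example, not part of the original article: a JavaScript heuristic a page auditor could use to flag the layering described above, where the element that receives a click is not the one the user sees. It goes slightly beyond the quiz overlay by also covering a transparent Like frame; the layer objects, field names and URLs are constructed assumptions.

```javascript
// Added example (not from the article). Each stack lists the elements under one
// click point, topmost first. All sample data below is constructed; in a browser
// the fields would come from document.elementsFromPoint() and getComputedStyle().
const CLICKABLE = new Set(['a', 'iframe', 'button', 'input']);

const isVisible = (l) => l.opacity > 0.1 && l.visibility !== 'hidden';
const receivesClicks = (l) => l.pointerEvents !== 'none';

// Returns a finding when the click lands on something the user cannot see,
// or null when the visible top layer is also the click receiver.
function auditClickPoint(stack) {
  const receiver = stack.find(receivesClicks); // element the click is delivered to
  const seen = stack.find(isVisible);          // topmost element the user sees
  if (!receiver || !CLICKABLE.has(receiver.tag)) return null;
  if (!isVisible(receiver)) {
    return { reason: 'invisible click target', target: receiver.url };
  }
  if (seen !== receiver) {
    return { reason: 'visible overlay passes clicks through', target: receiver.url };
  }
  return null;
}

// Constructed stacks: a transparent Like frame over an image, a quiz overlay
// that lets clicks fall through to a paid link, and an ordinary Like button.
const SAMPLE_STACKS = {
  hiddenLike: [
    { tag: 'iframe', url: 'https://www.facebook.com/plugins/like.php', opacity: 0, visibility: 'visible', pointerEvents: 'auto' },
    { tag: 'img', url: 'funny.jpg', opacity: 1, visibility: 'visible', pointerEvents: 'auto' },
  ],
  quizOverlay: [
    { tag: 'iframe', url: 'quiz.html', opacity: 1, visibility: 'visible', pointerEvents: 'none' },
    { tag: 'a', url: 'https://cpa-network.example/offer', opacity: 1, visibility: 'visible', pointerEvents: 'auto' },
  ],
  normalLike: [
    { tag: 'iframe', url: 'https://www.facebook.com/plugins/like.php', opacity: 1, visibility: 'visible', pointerEvents: 'auto' },
  ],
};

// Audits every named stack and returns { name: finding-or-null }.
function auditAll(stacks) {
  const findings = {};
  for (const [name, stack] of Object.entries(stacks)) findings[name] = auditClickPoint(stack);
  return findings;
}

console.log(auditAll(SAMPLE_STACKS));
```

The opacity threshold and the clickable-tag list are heuristics, so a finding is a prompt for manual review of the page rather than proof of a scam.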

Have you ever been greeted with a popup quiz or tempted with a “funny” image from a Facebook link? Do you ever click on your friends’ “Liked” links on Facebook?

This entry was posted on 06/25/10 and is filed under Computer Security.

Copyright 2003-2010. Enigma Software Group USA, LLC. All Rights Reserved.