Have any of your Facebook friends posted a status update with a link that grabs your attention? What if the Facebook status update told you never to drink Coca Cola again and offered a 'HORRIFIC video' to prove why? Would you be tempted to click on the link and view the video? I know I would.
A recent discovery that was first reported by security expert Graham Cluley, from security vendor Sophos, reveals that a number of Facebook users have been duped into updating their Facebook status with a message that reads:
I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video --> http://www.[potentially malicious site]
Find out the TRUTH about Coke!!!
Figure 1. Facebook status update with 'Never gonna drink Coca Cola again after this HORRIFIC video' clickjacking link scam. Credit: sophos.com/blogs/gc/
After Cluley examined the link in the Facebook status update above (shown in Figure 1), it was discovered that the link, when clicked, leads a user to a website that appears to offer a video with the words "9/10 People said they WOULDN'T drink Coca Cola After seeing this video!!!". Just like other similar instances of Facebook clickjacking that we've reported in the past, the video does not play. Instead, the page suggests to Facebook users that they can play the video if they click 'LIKE' or 'SHARE'. By clicking the 'LIKE' or 'SHARE' button, the user places a link to the scam or fake video onto their Facebook profile for their friends to click on. In short, this scam can potentially become viral through its rather simplistic clickjacking techniques alone.
The link directs you to a page that claims to poll other Facebook users who have 'Liked' the link. The page requires that you copy and post a message 7 times on Facebook in order to watch the video. Once you have done so, you later find out that you have not made any progress toward viewing the promised video. After suggesting, or 'LIKING', the link to your friends, you may grow weary and just click on the link that says the following:
>>>Cant Be Bothered To Wait? --> Click Hear To Skip This<<<
If you are at all familiar with the way online clickjacking or likejacking scams work, you can only imagine what other goodies you will be confronted with after clicking on this 'Cant Be Bothered To Wait?' link. This link actually takes you to a survey page that asks you for personal information.
This type of Facebook clickjacking scam is rather clever in that it approaches gullible Facebook users from several different angles. Not only does it spread a link onto Facebook users' profiles, but it also uses a popular brand name (Coca Cola) to attract clicks, eventually leading users to relinquish personal information.
As a cautionary advisory, if you use Facebook, it is recommended that you avoid clicking persuasive links. It may be hard to resist clicking on a tempting link that a Facebook friend suggests to you or one that he/she has 'LIKED'. Please bear in mind that one's Facebook account does not have to be hacked or compromised in order for a malicious link to be posted. New threats and scams are discovered on Facebook almost every day and you must be vigilant in your social network activities at all times.