Facebook clickjacking joins growing list of social network scams
This has been a busy week for Facebook scams. Today Facebook warned users about a new clickjacking scam that milks $5 a week from cell phone accounts by exploiting Facebook’s “Share” feature. The Facebook clickjacking scam emerged a few days after the Facebook dislike button scam. Both scams use bogus Facebook buttons much like the Facebook likejacking scam discovered last May. Facebook users can protect themselves against the growing list of scams by learning how to recognize typical red flags.
How Facebook clickjacking works
The Facebook clickjacking scam uses the Share feature that posts content to the profile wall where friends are encouraged to click on it. Here’s how the clickjacking scam works, according to PC World:
A user clicks a link to a Facebook page for “10 Funny T-Shirt Fails” for example. Once on the page, a message says Facebook’s new three-step human verification process is required to see the content. On step two, users are asked to click the “Next” button. The Next button is a dummy. Hidden underneath is a real Share button. When users click Next to get to the final step, they actually post that page to their profile wall. Lured to step three, users are asked for personal information to enter a contest. Among other things, the survey asks for a cell phone number. Down in the survey’s fine print it says providing the data tacks an extra $5 per week onto the users cell phone bill for a service called “The Awesome Test.”
The Facebook dislike button scam
The Facebook dislike button scam emerged because of Facebook user demand. Facebook does not yet have a “Dislike” button. Walletpop reports that the scam involves a bogus “Dislike” button designed to install malicious spyware for identity theft. The bogus button appears with a message: “Get the official DISLIKE button now,” followed by a link. The link leads to a bogus “install” page. If the button were real, Facebook would automatically add it to users’ profiles. To install, the scam prompts users to allow the application to run. Then they are asked to complete a survey — the same trick used in the Facebook clickjacking scam.
Be on the lookout for more Facebook scams
Facebook removed all the fan pages involved in the clickjacking scam. Anyone who filled out the survey should call their cell phone company. Reuters reports that Facebook users can learn to recognize scam patterns. Be skeptical and use common sense. Beware of status updates from friends that seem out of character, like a heavy metal dude posting about Justin Bieber. Pay attention to time elapsed since the status update was written and how it was delivered. Messages sent via Facebook don’t need their own apps, like the “Official Dislike Button.” And scams will always give themselves away by sending users away from Facebook to another website.