Blog Archives

Why are you tagged in this video? It’s a viral Facebook scam, Please Avoid

Facebook users have been hit by another fast-spreading scam today, pretending to be a link to a YouTube video that they have been tagged in.

The scam messages use potential victims’ first names, claiming that they have been tagged in the “Youtube” video.

Phrases used in the attack include:

YO [name] why are you tagged in this video

WTF!! [name] why are you tagged in this video

hey [name] i cant believe youre tagged in this video

hey [name] you look so stupid in this video

omg! [name] why are you tagged in this vid

OMG [name] why are you in this video

Each “video” has a random number of views and likes, but the length of the movie always appears to be 2:34. Eagle-eyed Facebook users might realise something is awry when they see that the links refer to “Youtube” instead of the rather more accurate “YouTube”.
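The indicators listed above (the lure phrases, the “Youtube” capitalisation and the fixed 2:34 length) can be turned into a simple triage check. This is an added example, not code from the original article or from Sophos; the `link_title` and `duration` fields are assumed names for whatever your own export of wall posts provides, and the sample posts are constructed.

```python
import re

# Lure templates quoted in the article; [name] stands for the recipient's first name.
LURE_TEMPLATES = [
    "YO [name] why are you tagged in this video",
    "WTF!! [name] why are you tagged in this video",
    "hey [name] i cant believe youre tagged in this video",
    "hey [name] you look so stupid in this video",
    "omg! [name] why are you tagged in this vid",
    "OMG [name] why are you in this video",
]

# Constructed sample posts: (message, link_title, duration). Not real data.
SAMPLES = [
    ("WTF!! Alice why are you tagged in this video", "Youtube - Video", "2:34"),
    ("hey Bob, nice talk yesterday", "YouTube - Conference keynote", "41:07"),
]

def _template_to_regex(template):
    # Escape the literal text and let [name] match a single first name.
    head, tail = template.split("[name]")
    return re.compile(
        re.escape(head.strip()) + r"\s+(?P<name>[^\W\d_]+)\s+" + re.escape(tail.strip()),
        re.IGNORECASE,
    )

LURE_PATTERNS = [_template_to_regex(t) for t in LURE_TEMPLATES]

def score_post(message, link_title="", duration=""):
    """Return (score, reasons) for one wall post; a higher score is more scam-like."""
    reasons = []
    text = " ".join(message.split())  # collapse runs of whitespace
    if any(p.search(text) for p in LURE_PATTERNS):
        reasons.append("lure-phrase")
    # Case-sensitive on purpose: the scam links say "Youtube", not "YouTube".
    if re.search(r"\bYoutube\b", link_title):
        reasons.append("brand-miscapitalised")
    # The fake video length always appeared as 2:34.
    if duration.strip() == "2:34":
        reasons.append("fixed-duration")
    return len(reasons), reasons

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], "->", score_post(*sample))
```

A single matching indicator is weak evidence on its own; the combination of all three is what distinguishes this campaign's posts.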

But if you do make the mistake of clicking on the video thumbnail, you will be taken to a webpage that tries to trick you into cutting-and-pasting malicious JavaScript code into your browser’s address bar (this appears to be one of the scammers’ favourite methods of attack at the moment).

You have to concede, it’s a cunning piece of social engineering by the bad guys. Wouldn’t you want to see a video that your Facebook friends say you have been tagged in?

If you’re a regular user of Facebook, make sure you join the Sophos page on Facebook to be kept informed of the latest security threats.

Source: http://nakedsecurity.sophos.com

Facebook comment-jacking? OMG! I Can’t believe JUSTIN Bieber did THIS to a girl

It’s starting to seem like Facebook can’t win against those who wish to use their service to scam, spam and simply cause trouble. Over the last day or so, a new type of attack has been spreading using the phrase “OMG! I Can’t believe JUSTIN Bieber did THIS to a girl”.

It leads to a page asking you to verify a simple math problem to “prevent bots from slowing down the site”. In actuality, it is another clickjack-type scheme in which you are asked to type the answer into a box.

[Screenshot: Comment-jack security check]

It doesn’t matter what you type, because it’s a social engineering trick. What you are actually typing is a comment that is used to share the link with your friends on Facebook. You can see the tooltip that says “Add a Comment” in the screenshot.

This bypasses Facebook’s recent attempt at detecting likejacking fraud. Links you comment on are not using the same mechanisms that Facebook is monitoring when you click “Like”.

Many moons ago, the first Facebook attacks started with illegitimate applications asking for permission to access your wall and spread their messages by spamming your friends through wall posts. While this worked well, it was a bit easy for Facebook to track down and remove the bogus apps.

Early in 2010 we saw the first attempts at likejacking. This technique involves layering one image over the top of a Like button and tricking the victim into clicking something that appears to play a video or a continue button, when in fact they are clicking the Like button hidden underneath.

More recently we have seen the attackers trying lots of new techniques. In the past few months we have seen them tagging people in photos they are not in to get you to click, inviting people to fake events and even making you an administrator of a Facebook page that isn’t yours.

While protecting yourself may not be as simple as not clicking anything that says “OMG!”, that isn’t a bad start. Be skeptical, understand that messages from your friends may not in fact have been sent to you willingly, and if you are really tempted to click, take a short timeout to conduct a Google/Bing search.

As of the time of this writing some of the YouTube videos this scam leads to have been removed by YouTube. However, one video that is still working has over 525,000,000 views since February and thousands of comments in the last 24 hours — in other words, since this Facebook scam has been making the rounds.

To stay up to date on the latest threats, follow us on Facebook. For advice on how to configure your profile to protect your privacy, check out these recommendations for Facebook settings.

Source: http://nakedsecurity.sophos.com