Friday 5 August 2011

Lady Gaga found dead in hotel room? Beware Facebook clickjacking scam | Naked Security

Has Lady Gaga really been found dead in a hotel room? A scam which has spread rapidly across Facebook would certainly like you to think so.

Here's an example of a message that is spreading virally on Facebook, posing as a link to a BBC TV News report.

Lady Gaga found dead in hotel room

BREAKING: Lady Gaga Found Dead in Hotel Room
This is the most awful day in US history

Wow. I mean, yes, it would be tragic if Lady Gaga were to die, but.. seriously.. "the most awful day in US history"?

Anyway, if you are tricked into clicking on the link you are taken ultimately (via a website which sloppily allows an open redirect) to a webpage that pretends to contain a BBC News video report:

Fake BBC website

Watch out, though, if you try to play the video as this is a clickjacking scam which attempts to silently say you "Like" the page when you click with your mouse.

Users who have installed a browser add-on such as NoScript for Firefox will see a message warning them of the peril of being clickjacked.

Clickjacking intercepted by NoScript

If you've been hit by a scam like this, remove the messages and likes from your Facebook page - and warn your friends not to click on the offending links. Clearly there's much more work which needs to be done by Facebook to prevent these sorts of messages spreading so rapidly.
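The open redirect mentioned above is the one link in this chain that the redirecting site's operator can close. As an added example (not code from the original article or from any site involved), here is one way to validate a redirect parameter against an allow-list in JavaScript; the origin, host names and fallback path are assumptions.

```javascript
// Added example: allow-list validation for a redirect parameter.
// SITE_ORIGIN, ALLOWED_HOSTS and FALLBACK are hypothetical values for illustration.
const SITE_ORIGIN = "https://www.example.com";
const ALLOWED_HOSTS = new Set(["www.example.com", "news.example.com"]);
const FALLBACK = "/";

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // Browsers normalise backslashes and control characters in ways that
  // differ from server-side parsers, so refuse them outright.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolving against our own origin handles relative paths, and also
    // exposes the real host of "//host/path" and absolute URLs.
    url = new URL(raw, SITE_ORIGIN);
  } catch {
    return FALLBACK;
  }

  // Only https targets: this rejects javascript:, data: and plain http.
  if (url.protocol !== "https:") return FALLBACK;

  // "https://trusted@other-host/" puts the trusted name in the userinfo part.
  if (url.username || url.password) return FALLBACK;

  // Exact match on host (including any non-default port), never a substring
  // or suffix test, so "www.example.com.other-host" does not pass.
  if (!ALLOWED_HOSTS.has(url.host)) return FALLBACK;

  return url.href;
}

// Constructed sample inputs showing accepted and rejected targets.
const samples = [
  "/video/123",
  "https://news.example.com/a?b=1",
  "//scam.example.net/bbc",
  "https://www.example.com@scam.example.net/",
];
for (const s of samples) console.log(s, "->", safeRedirectTarget(s));
```
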

If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest attacks.

You could also do a lot worse than check out our best practices for better privacy and security on Facebook guide.