New Clickjacking Scam Hits Facebook, Tries to Charge Your Phone Bill
The security experts over at Sophos have just unearthed a new clickjacking scam making its way around Facebook, and, if you fall prey to it, you might end up losing some cash. This latest scam looks similar to a previous worm that spread throughout Facebook by tricking users into "liking" malicious pages. Instead of exploiting the "like" button, though, this new "sharejack" scam relies on the "share" feature to silently post content to users' Walls.
The trap originates on a sketchy-looking fan page, usually titled "10 Funny T-Shirt FAILS ROFL," or something similarly dumb. If you open the page, a message will pop up, claiming that you have to go through Facebook's new three-step verification process in order to view the content. In the second part of the verification, the page will prompt you to click a "next" button, which, as you might guess, isn't what it seems. By clicking the button, you'll inadvertently share the page with all of your friends. But that's not the end.
Once you get to the third step, the page will ask you to fill out a survey where you'll have to enter your personal information (including your phone number) for a chance to win a prize. Hidden in the fine print, however, is a clause that says you'll be charged an extra $5 per week on your phone bill, as part of a so-called "Awesome Test."
Luckily, Facebook has reportedly removed all of the fan pages associated with this scam (which is why the name keeps changing). If you think you've been targeted, PC World wisely recommends removing any bogus links from your profile and, if you completed the survey, contacting your mobile service provider. [From: Sophos and PC World]