|Facebook page with clickjacking scam|
The scam appears within a Facebook page entitled 'This poor girl killed herself right after her dad posted this to her wall', which was still live at the time of this blog posting. When viewed, a user is first presented with a warning message, which is must first be accepted in order to display third party content within the following IFRAME:
|IFRAME with clickjacking attack|
|NoScript block screen revealing obfuscated 'Like' button|
The overall purpose of the scam is fairly typical of clickjacking attacks that we've seen to date. When a user follows through and clicks on the buttons, they will unintentionally promote the page within Facebook and then be redirected to scams that the attacker presumably receives click-thru revenue from. It's always amazing to me how lucrative these attacks can be. As can be seen in the screenshot of people that 'like' the page, hundreds of people have already fallen victim and that number quickly grew as I wrote this post.
|Victims of the scam|
The sites ultimately being advertised range from software to car insurance.
|Sites promoted by the scam|
Fortunately this scam did nothing to infect a victim's PC, but I suspect that the victims are a little embarrassed that they fell for it...and Facebook is there to inform the world.