Security firm Sophos recently discovered a new clickjacking scam on Facebook that spreads via the social network’s “share” feature and could be costing you $5 a week. The new malware is similar to a so-called “likejacking” worm discovered last May. But instead of exploiting Facebook’s “Like” button, the new scam uses the “Share” feature that posts content to your profile wall where your friends are encouraged to click on it.
This is the second Facebook scam reported on by Sophos in recent days. On Monday, the security firm alerted Facebook users to an enticing scam that allowed you to add a “Dislike” button to your profile.
Here’s how the “Share” button scam works:
You see a link to a Facebook page for “10 Funny T-Shirt Fails” or something similar. Once you arrive on the page, a message tells you that you have to go through Facebook’s new three-step human verification process in order to see the content.
On the second step, you are asked to click the “Next” button, and that’s where the scam really begins, according to Sophos. That’s because the “Next” button doesn’t actually have any functionality and is just a dummy. But hidden underneath the “Next” button is a functional “Share” button. So while it looks like you are just clicking on “Next” to get to the final step, what you are actually doing is posting that page to your profile wall using the Share function.
But the scam doesn’t end there. The whole point is to get you to the third step where you fill out a revenue-generating survey for the scammers. The surveys ask you to provide your personal information to enter a contest to win money, a computer, or other prize. The survey Sophos examined asks for your cell phone number among other things. But down in the survey’s fine print it says providing your information will end up tacking an extra $5 per week onto your cell phone bill for a service called “The Awesome Test.”
Facebook responded fairly quickly to Sophos’ report and removed all the fan pages involved in the “sharejack.” Nevertheless, if you think you might have fallen prey to the scam you should check to make sure any links associated with the phony pages have been removed from your profile wall. If they haven’t, hover your mouse over the link and then click the “Remove” button in the upper right corner of the wall post.
If you went so far as to fill out the survey, then you should contact your carrier immediately to see if you have any excess charges on your cell phone bill.