Dozens of fake links promising sensational videos are spreading rapidly across the social network and attacking unsuspecting users.
Over the past few hours, dozens of my friends have shared a link on Facebook to one video or another -- "Watch how people react to a little girl in white, left in a hotel corridor," "This Girls Parents Took A Picture Of Her Everyday For 10 years (video)," and something about a fat man documenting his diet in pictures. Each one looks like a traditional 'Share,' complete with thumbnail and timestamp. But each leads to one of several Likejacking sites that have been spreading across the social network this past weekend.
As soon as you click on any of the videos, you're taken to FouTube, YoTube, FbVideo or another site where, once you take a second to look around, you'll probably notice something is amiss and close your browser's window. But by then it's too late: The video has already been posted to your own Facebook wall as if you wanted to recommend it to all of your friends and, because we all spend too much time on the site, several have probably seen it.
If, upon visiting FouTube, you don't immediately recognize that the site is an obvious scam, you might dive deeper and complete a survey -- for which the site's operator is paid a commission -- providing sensitive personal information in order to unlock the video you were lured in to watch in the first place.
Scams like this used to be called clickjacking, but Facebook has made it a lot easier for these little tricks to go viral, spreading to hundreds of thousands of users within a matter of minutes. Because the site, which now has more than 600 million active users, has changed the game for scammers by providing such scale, the term has been modified to Likejacking when it applies to Facebook.
I've written about Facebook privacy issues for a while now -- and even I fell for it. What can I say? I love a sensational video.
To clean up your trail, visit your own wall and delete the shared post immediately. It's unclear yet if the scams will harm you in any other way, though one security site, Sophos, warns that, if your phone number is shared on your wall, you might want to keep an eye on the bill. "And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet," Graham Cluley wrote.
To protect yourself from clickjacking attacks in the future, download and install a browser plugin like NoScript, which blocks active scripts from running on any websites in which you haven't indicated trust.