Facebook users have been subjected to clickjacking attacks that force them to authorize actions they had no intention of approving.
The latest few campaigns seen by SophosLabs, for instance, target Italian users of the social network.
COCA COLA: Dopo aver visto questo video non berrò più coca cola. Svelata la ricetta segreta. Guarda il video verita
Which translates as: “COCA COLA: After watching this video you won’t drink Coca Cola. The secret recipe revealed. Watch the video truth.”
LO SCHERZO DI SAN VALENTINO CHE STA FACENDO IL GIRO DEL MONDO! TE RETO A VER ESTA PAGINA PARA 5 SEGUNDOS SIN REIRTE
Which translates as: “THE VALENTINE’S DAY JOKE THAT IS GOING AROUND THE WORLD! I CHALLENGE YOU TO VIEW THIS PAGE FOR 5 SECONDS WITHOUT LAUGHING.”
All of these Facebook scams use clickjacking techniques to trick the user into “liking” them.
SophosLabs is intercepting the suspicious pages as Mal/FBJack-A.
Facebook users can protect themselves from clickjacking threats like this by using browser plugins such as NoScript for Firefox.
Source: NakedSecurity | Sophos