
Like Clickjacking + Fake YouTube with surveys


The following message, posted on a Facebook wall, links to a fake page that looks like a video portal such as YouTube:

Message posted on the wall. Page with fake videos and a hidden Like button.

Clicking anywhere on the page actually clicks a hidden Like button. This technique is called clickjacking and makes visitors click on hidden elements without knowing it.

Since the user is already logged in to Facebook, a message similar to the one in the first screenshot is automatically published on their wall; this is how the fake page spreads and more users visit it.

The attackers' goal is to make money: when the visitor tries to watch the supposed video, a verification window appears offering different surveys depending on the country, and every time one is completed the attackers earn money (see examples of these surveys):

Window showing surveys when clicking on the page

They have been using this technique for months and the results are quite good for them; there are even kits for sale that do all of this automatically.

On the left of the screenshot you can see the number 810 in a red rectangle; that is a counter showing the number of people on the page at that moment. All those visitors arrived there deceived by the message posted on the wall of a friend who had fallen into the trap. Assuming that only 100 of those 800 answered a survey, it would generate about 10 or 15 dollars of profit.

Facebook quickly blocks these bogus pages thanks to its reporting system, but the attackers change the URL and it all starts again; it is viral and massive. There should also be controls on the side of the companies that offer these pay-per-survey systems, but they seem to turn a blind eye to these abuses; in fact, Facebook recently sued a company for this kind of spam.

Clickjacking has one limitation: it does not work in Internet Explorer 8, Safari, Chrome or Opera. In other words, the automatic message that makes the campaign go viral within Facebook only works if the victim uses Firefox or a version of Internet Explorer prior to IE8.
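Whether a browser can be tricked this way depends on the framed site refusing to be embedded: browsers honour an X-Frame-Options header (introduced with IE8) or a Content-Security-Policy frame-ancestors directive. The following checker is an added example, not code from the original post; it evaluates a set of response headers (the samples are constructed) and reports whether cross-site framing, the basis of the hidden-Like-button trick, is blocked.

```javascript
// Added example: decide whether a response's headers stop other sites from
// framing the page. Header objects here are constructed for illustration.

function framingProtection(headers) {
  // Header names are case-insensitive; normalise for lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const result = { xfo: null, frameAncestors: null, protected: false, notes: [] };

  // X-Frame-Options: DENY or SAMEORIGIN block cross-site framing.
  if (h['x-frame-options']) {
    const xfo = h['x-frame-options'].trim().toUpperCase();
    result.xfo = xfo;
    if (xfo === 'DENY' || xfo === 'SAMEORIGIN') result.protected = true;
    else result.notes.push(`unrecognised X-Frame-Options value: ${xfo}`);
  }

  // CSP frame-ancestors takes precedence over X-Frame-Options in modern browsers.
  if (h['content-security-policy']) {
    const directive = h['content-security-policy']
      .split(';').map((s) => s.trim())
      .find((s) => s.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1);
      result.frameAncestors = sources;
      if (sources.includes('*')) {
        // A wildcard allows any origin to frame the page, so the trick still works.
        result.protected = false;
        result.notes.push("frame-ancestors allows any origin ('*')");
      } else if (sources.length > 0) {
        result.protected = true; // 'none', 'self' or an explicit allow-list
      } else {
        result.notes.push('frame-ancestors present but empty');
      }
    }
  }

  if (!result.xfo && !result.frameAncestors) {
    result.notes.push('no framing restriction header present');
  }
  return result;
}

// Constructed sample responses: a typical unprotected page and a hardened one.
const SAMPLE_UNPROTECTED = { 'Content-Type': 'text/html' };
const SAMPLE_PROTECTED = {
  'X-Frame-Options': 'SAMEORIGIN',
  'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'",
};
```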

Finally, here is a screenshot of what happens when the fake page is opened in Firefox with the NoScript add-on:

NoScript detects and blocks the Clickjacking attempt

NoScript, in addition to preventing unknown scripts from loading, detects the clickjacking attempt and blocks it.

Thanks Ricardo for the warning!
