Sunday, March 20, 2011

Facebook “New Teacher From Behind” Likejacking Attack Spreading Fast.

By Cesar Ortiz
A new variation on an old scamming technique is spreading rapidly: over 6,000 users, and climbing, have fallen for this Facebook "New teacher from behind" likejacking attack. Likejacking, a form of clickjacking, is a malicious technique that tricks users of a website into posting a Facebook status update for a site they never intentionally meant to "like".

The scam is unusual because it uses some techniques not widely used before: (1) It uses many different URL shorteners, including goo.gl, tiny.cc and tinyurl.com, and even direct URLs to domains registered under the .info and .ro top-level domains. (2) The attack only requires that you are using a modern browser and are logged into a Facebook account. It works regardless of the operating system your device runs, including Windows, OS X, Linux, iOS, Android and others. (3) Even when you are not logged in to Facebook, you are presented with a pop-up window asking you to log in to Facebook to see the "New teacher from behind" video. This is a clear tell-tale sign that it is an attempt to likejack your account.

This attack includes a fake “clearClick Warning” which, under the pretext of avoiding a fake “Potential Clickjacking/UI Redressing Attempt!”, tricks you into clicking on an image. The scam will pop up surveys (money for the scammers) that appear to be from credible sources, like CNN. If a user is asked for his or her telephone number in order to get access to videos, including one of the “naked from behind teacher”, the problem gets worse: the victim can expect many unexpected charges for phone calls and text messages (more money for the scammer).

If you made the mistake of clicking on a link spread via a scam message like the one described above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right-hand corner of the post and you should see a small "x" which will allow you to remove it. Users who were victimized and entered their mobile phone number should keep a close eye on their cell phone bill and notify the phone carrier to prevent fraudulent charges.
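Likejacking only works when the page hosting the real "Like" button can be loaded inside a frame on the scammer's site. The following is an added example (not code from the original post) that a site operator can use to check whether a page's response headers still let an arbitrary origin frame it; the header values and origins are constructed samples, and the source matching is simplified (scheme and host only, no port or path matching).

```javascript
// Decide whether a page served with `headers` may be framed by a page at
// `framerOrigin`. CSP frame-ancestors takes precedence over X-Frame-Options.
function sourceMatches(src, framer, page) {
  const s = src.toLowerCase();
  if (s === "'self'") return framer.origin === page.origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framer.protocol === s; // scheme-only, e.g. https:
  // Simplified host-source: optional scheme, optional leading "*.", host, optional port (ignored)
  const m = /^(?:(https?):\/\/)?(\*\.)?([a-z0-9.-]+)(?::\d+)?$/.exec(s);
  if (!m) return false;
  const [, scheme, wild, host] = m;
  if (scheme && framer.protocol !== scheme + ':') return false;
  const fh = framer.hostname;
  return wild ? fh.endsWith('.' + host) : fh === host;
}

function frameAllowed(headers, framerOrigin, pageOrigin) {
  const framer = new URL(framerOrigin);
  const page = new URL(pageOrigin);
  const get = (name) =>
    Object.entries(headers).find(([k]) => k.toLowerCase() === name)?.[1];

  const csp = get('content-security-policy');
  if (csp) {
    const dir = csp.split(';').map((d) => d.trim()).find((d) => /^frame-ancestors\b/i.test(d));
    if (dir) {
      const sources = dir.split(/\s+/).slice(1);
      if (sources.length === 0 || sources.some((x) => x.toLowerCase() === "'none'"))
        return { allowed: false, reason: "frame-ancestors 'none'" };
      const ok = sources.some((x) => sourceMatches(x, framer, page));
      return { allowed: ok, reason: 'frame-ancestors ' + (ok ? 'match' : 'no match') };
    }
  }

  const xfo = get('x-frame-options');
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return { allowed: false, reason: 'X-Frame-Options: DENY' };
    if (v === 'SAMEORIGIN')
      return { allowed: framer.origin === page.origin, reason: 'X-Frame-Options: SAMEORIGIN' };
    // Unrecognised values (including the obsolete ALLOW-FROM) are treated as absent
    return { allowed: true, reason: 'unrecognised X-Frame-Options value, not enforced' };
  }
  // No restriction at all: any site can overlay this page with a transparent frame
  return { allowed: true, reason: 'no framing restriction' };
}
```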
