If you haven’t heard already, it’s Shark Week on the Discovery Network. Around the clock radio and TV advertisements have fueled massive social network buzz on the Internet and Shark Week remains in the top 3 trending topics on Twitter at the time of writing this post

CPA (cost-per-action) affiliates who have been running clickjacking scams on Facebook for quite some time now were quick to capitalize on the 2.6 million daily Shark Week viewers by creating a Facebook application which advertises a “shocking video” of a girl being attacked by a shark.

Shark Week Clickjack

Clicking on the video link starts a clickjacking attack which causes you to automatically “like” and spam the link out on your wall.  At this point, all of your friends will see that you “liked” this “video” and soon they might be affected as well.

Okay, so where is the video?  There is no video!  These attackers are employing CPA (cost-per-action) affiliate schemes which earn them money each time a victim completes a task, such as a survey.

Below is what the typical redirects look like after clicking on the link.  Each line is a new CPA link earning the attackers money.

ScreenHunter_37 Aug. 04 21.59

The best way to avoid these attacks is stay clear of anything that tries too hard to get your attention.  The terms “shocking”, “news breaking”, “OMG”, and “You gotta see this” are typically great indicators of a potential clickjacking attack.