If you haven’t heard already, it’s Shark Week on the Discovery Network. Around the clock radio and TV advertisements have fueled massive social network buzz on the Internet and Shark Week remains in the top 3 trending topics on Twitter at the time of writing this post
CPA (cost-per-action) affiliates who have been running clickjacking scams on Facebook for quite some time now were quick to capitalize on the 2.6 million daily Shark Week viewers by creating a Facebook application which advertises a “shocking video” of a girl being attacked by a shark.
Clicking on the video link starts a clickjacking attack which causes you to automatically “like” and spam the link out on your wall. At this point, all of your friends will see that you “liked” this “video” and soon they might be affected as well.
Okay, so where is the video? There is no video! These attackers are employing CPA (cost-per-action) affiliate schemes which earn them money each time a victim completes a task, such as a survey.
Below is what the typical redirects look like after clicking on the link. Each line is a new CPA link earning the attackers money.
The best way to avoid these attacks is stay clear of anything that tries too hard to get your attention. The terms “shocking”, “news breaking”, “OMG”, and “You gotta see this” are typically great indicators of a potential clickjacking attack.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
1 comment
Okay, so where is the video? There is no video! These attackers are employing CPA (cost-per-action) affiliate schemes which earn them money each time a victim completes a task, such as a survey. Thank you