Viral videos are usually a great laugh, which is why they spread so quickly and the reason they get called viral in the first place. But the laughter soon stops when the bad guys use the lure of a viral video to launch a clickjacking attack.
Security researchers at Sophos are warning that scammers have struck on Facebook with a message that is spreading fast by proclaiming "I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video" and which includes a link.
What makes this particular attack stand out from recent clickjacking exploits, is the fact that the bad guys ensure that people will pass the message to their Facebook friends by telling them that in order to actually view the video they have to share it with at least seven members.
Of course, it doesn't actually matter how many times that link is shared because there is no video to play. It looks like there is, with a thumbnail of a video showing a Cola bottle and the words 'Coke can't hide its CRIMES' but it's just a thumbnail and nothing more. The social engineering psychology comes into play by including a link which says "Click here To Skip Posting and Reveal The Content" instead of continually checking to see if you've passed the link to enough people.
If you hit this link, you get taken to a survey section which harvests personal information.
"With this Coca Cola scam, users are actively sharing the post numerous times and then they’re volunteering personal information – all because the temptation to see a video is too much to resist" says Graham Cluley, the senior technology consultant at Sophos adding "the users who try and watch this video have no way of knowing how their personal information may be used - the only people who will benefit are the scammers behind the attack".
As usual, if you have already fallen for this particular scam then you are advised to go to your profile and click on the info tab from where you can remove the scammer pages from the 'likes and interests' section.
I'm a hacker turned writer and consultant, specialising in IT security. I've been a freelance word punk for over 20 years and along the way I have seen 23 of my books published, produced and presented programmes for TV and radio, picked up a bunch of awards and continue being a contributing editor with PC Pro - the best selling IT magazine in the UK .