Viral videos are usually a great laugh, which is why they spread so quickly and the reason they get called viral in the first place. But the laughter soon stops when the bad guys use the lure of a viral video to launch a clickjacking attack.

Security researchers at Sophos are warning that scammers have struck on Facebook with a message that is spreading fast by proclaiming "I am part of the 98.0% of people that are NEVER gonna drink Coca Cola again after this HORRIFIC video" and which includes a link.

What makes this particular attack stand out from recent clickjacking exploits, is the fact that the bad guys ensure that people will pass the message to their Facebook friends by telling them that in order to actually view the video they have to share it with at least seven members.

Of course, it doesn't actually matter how many times that link is shared because there is no video to play. It looks like there is, with a thumbnail of a video showing a Cola bottle and the words 'Coke can't hide its CRIMES' but it's just a thumbnail and nothing more. The social engineering psychology comes into play by including a link which says "Click here To Skip Posting and Reveal The Content" instead of continually checking to see if you've passed the link to enough people. If you hit this link, you get taken to a survey section which harvests personal information.

"With this Coca Cola scam, users are actively sharing the post numerous times and then they’re volunteering personal information – all because the temptation to see a video is too much to resist" says Graham Cluley, the senior technology consultant at Sophos adding "the users who try and watch this video have no way of knowing how their personal information may be used - the only people who will benefit are the scammers behind the attack".

As usual, if you have already fallen for this particular scam then you are advised to go to your profile and click on the info tab from where you can remove the scammer pages from the 'likes and interests' section.

Attachments coke.jpg 30.9 KB coke2.jpg 27.26 KB

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.