Free tickets to see latest Twilight movie? It's a clickjacking scam

According to Christopher Talampas, a fraud analyst with Trend Micro, most people would be attracted to free tickets to an advance screening and, after an initially low-profile start, he has seen several incidents of clickjacking involving the movie on the Facebook social networking site.

Clickjacking is a malicious technique that tricks internet users into revealing confidential information, or even lets an attacker take control of their computer, while they click on seemingly innocuous web pages.

Centering on vulnerabilities across a variety of browsers and platforms, clickjacking typically takes the form of embedded code - or script - that can execute without the user's knowledge, such as when the user clicks on a button that appears to perform another function.

Talampas says that, if users click the "Share Link" button on Facebook, the post is automatically shared on the user's wall, and if a user then clicks on the image or text, they are redirected to a survey page, which requires information from the user - supposedly in order to get the free movie tickets.

And once the victim clicks the continue button, s/he is then directed to a further page - “needless to say, the page does not show any e-tickets or passes to the movie”, the Trend Micro analyst notes in his latest security posting.

“This page then requires the user to take another survey”, he says, adding that the resultant page then sends users off to a further well-known malicious survey site.

“Users are advised to always be on the lookout for such threats and avoid clicking links to such scams on Facebook”, he adds, noting that Facebook and other social networking sites remain a viable platform for several cyber-attacks of this type.
