Facebook - Beware of numerous scam messages circulating
Facebook is one of the most popular sites on the Internet, and Symantec advises caution when following links, using the LIKE button, or clicking on other dangerous objects.
Social Network Flooded with Scam Messages
http://www.symantec.com/connect/blogs/social-network-flooded-scam-messages
Facebook now has over 500 million registered users, which makes this social network (like many other social networks) a very attractive “fishing pool” for attackers. There are so many potential victims that could easily fall for any of the scattered bait. So, it does not come as a surprise that we see another scam campaign launched nearly every week.
Even though it might appear that one of your friends has shared this link, he or she most likely did not do it knowingly. This is because whenever someone follows one of these malicious links, he or she ends up at an intermediate site on Facebook that will then load an “iframe” from a remote site. In this particular case, the remote site hosted four more scams targeting Facebook, each with different themes. The iframe loads an Uncle Sam image from a free image-hosting site and then asks the user to click on some part of the image.
However, what the user doesn’t see is that the attacker has also loaded a Facebook site, but has modified it to be invisible. The hidden page that is loaded is the Facebook “Like button” page, which is conveniently placed under the mouse pointer of the user. Hence, when the user clicks on the colored bars of the image, he or she is actually clicking on the invisible Like button and consequently shares the attacker’s link with all of his or her friends on Facebook. (The same trick is attempted with an invisible “Share” button.)
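A defender can look for the pattern described above, a Facebook frame made invisible, in a saved copy of a suspect page. The following check is an added example, not code from the Symantec article; the opacity threshold, the watched-host list and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

OPACITY_THRESHOLD = 0.1            # assumption: at or below this a frame is effectively invisible
WATCHED_HOSTS = ("facebook.com",)  # assumption: hosts whose widgets we want to audit

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.strip().lower()
    return props

def invisible_reason(props):
    """Return why a frame is invisible yet still clickable, else None.
    visibility:hidden and display:none are ignored: such frames cannot receive clicks."""
    try:
        if float(props.get("opacity", "1")) <= OPACITY_THRESHOLD:
            return "opacity=" + props["opacity"]
    except ValueError:
        pass  # non-numeric value such as "inherit"
    m = re.search(r"opacity\s*=\s*(\d+)", props.get("filter", ""))  # legacy IE alpha filter
    if m and int(m.group(1)) <= OPACITY_THRESHOLD * 100:
        return "filter " + m.group(0)
    return None

class HiddenFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        host = (urlparse(a.get("src") or "").hostname or "").lower()
        watched = any(host == h or host.endswith("." + h) for h in WATCHED_HOSTS)
        reason = invisible_reason(parse_style(a.get("style") or ""))
        if watched and reason:
            self.findings.append((host, reason))

def find_hidden_frames(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample: one invisible frame and one ordinary, visible Like button.
SAMPLE = """<img src="https://images.example.invalid/uncle-sam.png">
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fscam.example.invalid"
        style="opacity: 0; position: absolute; width: 50px"></iframe>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fblog.example.invalid"
        style="border: none; width: 120px"></iframe>"""
```

Only inline styles are inspected here; a frame hidden through a stylesheet or script would need a rendered-DOM check instead.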