American in Spain

Be careful what you click on after visiting links on Facebook

March 8, 2011

Spammers can be really clever sometimes. Apparently there is some way to game the Facebook "Like" button such that any click on a webpage can be sent to Facebook as if you had clicked the "Like" button. So what people do is bait you with a juicy-looking webpage. Once you are on the page, they get you to click, either to view a video or on a dialog they pop up saying "To verify that you are human, click here!", and that click gets registered as you "liking" that webpage. With the change last week, where there is no longer much difference between "liking" and "sharing" in how a web page shows up on your Facebook wall, this technique is gaining even more steam. From what I can tell, they aren't doing anything particularly malicious other than tricking people into posting salacious-looking crap to their wall.

Naughty Miley

The most recent manifestation of this phenomenon is with a supposedly naughty video of Miley Cyrus. On someone's wall, and in your news feed, it looks like this:

[Image: BEWARE! Miley Facebook Spam]

When you click on the link, it takes you to a webpage that looks like this:

[Image: Fake YouTube Trickery]

Look like a video sharing website you've seen? The first thing that I noticed when I saw this page is how the font looks the way crappy non-anti-aliased fonts look in Internet Explorer on Windows machines. Sure enough, any click anywhere on this page results in Facebook posting this to your wall.

While I don't know the intricacies of how Facebook's "Like" button code works, I'm pretty sure that they could fix this with more careful JavaScript checks to verify the exact element the JavaScript event was fired on.

Until then, be very careful of what you click on after you see that a friend has "liked" a link that seems a little too interesting. And if you do fall for this (I did once), go to your wall and remove the post immediately to stop the spread of the spam to your more gullible friends.