Would you click on the link below?
If so, you would quickly find yourself becoming the latest victim in a recent string of Facebook Clickjacking attacks. The HappyMeals and other Clickjacking attacks work by enticing victims with catchy one liners, such as “OMG! I cant BELIEVE a WOMAN found THIS in her McDonalds Nuggets! WTFF!! >> [link to content],” or “Holy CRAP! I just saw your MOM in this VIDEO!!!!”. Once the link is clicked, the attack then tricks victims into making a series of additional clicks, which give the attackers the ability to spam the malicious content on the victims wall.
So far, these attacks have primarily been used to promote Cost Per Action (CPA) affiliate schemes, which earn the attackers affiliate dollars in exchange for completed surveys or other traffic driven actions.
Weaponizing these attacks is fairly trivial, so you should proceed with extreme caution when clicking links that appear to be from friends or applications on social networks. The HappyMeals clickjacking attack has been removed by the Facebook Security Team, but that’s not before 24,232 victims clicked on the link.
Stay safe out there!