Over the weekend we’ve received multiple reports about a new exploit that makes it appear as though a user “Liked” a page which they didn’t actually like. Numerous Pages have exploited the hack and it appears to have hit hundreds of thousands of users already on Pages like “The Prom Dress That Got This Girl EXPELLED From School”, “20 Chuck Norris Facts You Probably Didn’t Know”, “LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE”, and many others.
Zach Allia, of LikeButton.me has written up a guide to how this clickjacking attack is taking place. Facebook has been the victim of numerous security attacks over the past couple weekends. While this latest attack doesn’t appear to install a virus, some users are becoming infected with a worm according to the security firm Sophos.
If you have become a victim, you should delete any spam entries from your Facebook feed related to these exploits. There have been other exploits similar to this recently, however this is perfect timing for the scammers as most Facebook employees are enjoying their Memorial Day holiday.