Call it a new twist on Facebook “Like” jacking. Researchers at the firm Zscaler say that scammers are embedding Facebook “Like” widgets from top ranked Web brands and in Web pages used to promote online scams or distribute malware. The widgets make it appear as if tens- or hundreds of thousands of Facebook users ‘like’ the scam Web site.
The researchers say that they have identified Websites promoting suspicious “work at home” offers that sport hundreds of thousands of Facebook “Likes” – an informal way that Facebook users can tag content they approve of. An analysis of the malicious site’s code found that the Facebook widgets are not fake, they’re just borrowed from top ranking news and media sites. The ruse doesn’t require any hacking. Facebook allows you to embed any “Like” widget you want on your webpage.
Writing for Zscaler, researcher Julien Sobrier cited an example of a Web page, designed to resemble a news Web site, that displayed a story about a part-time, work at home mom making $7,487 a month. The page purports to have been recommended by 214,217 people on Facebook.
At first, Sobrier believed the scammers were merely using a fake widget, but upon further examination he realized it was in fact a real widget, the only problem is, the widget is actually that of CBS’s Facebook page.
It’s difficult to say for sure, but Sobrier believes the technique is effective and predicts that it will be popping up more and more in the future.