Christina Aguilera has joined the ranks of Justin Bieber, Miley Cyrus, and Emma Watson, in old Facebook scams that seem to have gotten a recent boost under new headlines taking advantage of celebrity obsessions. It looks like these scams are working, because new ones keep popping up on the social network.
The Aguilera version starts with an exclamation such as "WTF!", "SHOCK!SICK!", or "WICKED!" and continues with "I just saw a movie how Christina Aguilera got arrested which was minutes ago!!" and a link. The singer and actress was apparently recently arrested in Hollywood, though she has been released since, and told that she would not be charged, according to Sophos.
Just like the previous "likejacking" scams (a play on the term clickjacking, which means prompting a victim to click something while a different action is taken behind the scenes) any of the above will lead you to a fake YouTube page such as TouTube or FbTube. Clicking on play will give you a warning message: "Please Watch this video only if you are 16 years or older."
The Fake YouTube player video window is overlayed with a hidden iframe; actually clicking on it anywhere will submit a Facebook Like and spread the post to your Facebook page. A fake Facebook dialog box also pops up and asks you to verify your age by completing a survey with links to various marketing surveys. The scammer earns his or her money via a commission for every survey completed. They can even trick you into handing over your mobile phone number to sign you up for a premium rate SMS service.
As I've recommended before, if you see a scam like this one, report it. Then go check your own wall to make sure you're not spreading the scam; the sooner you clean it up and unlike the page, the better. You can even contact Facebook Security if you'd like to. Some security suites as well as the Firefox add-on NoScript will prevent the likejacking from taking place.
Facebook needs to take action on these scams. I would suggest changing the functionality of the Facebook Like button so that it cannot be clicked on unless it is visible. Unfortunately, this would be particularly difficult to implement. An easier solution, but one that Facebook would be very apprehensive to change, would be to prompt the user for confirmation before a Facebook Like goes through. What would you suggest?