- Users are advised not to click on links contained in suspicious posts, even if they’re published by their contacts.
Facebook Clickjacking Scam Abuses “Recent Profile Views”
As its popularity among users grows, Instagram is becoming more and more exploited by cybercriminals. It all starts with a Facebook post that advertises an app which allows customers to see who has been viewing their profiles. To attract the user’s attention, the scammers are tagging them in photos posted on their friend's timelines.
Users who click on the provided link are taken to a fake Facebook page where they’re instructed on how to generate a verification code, represented by a URL, and paste it into a designated textbox. Then, they’re asked to install the Instagram for Facebook app.
This allows the attackers to re-post the scammy message on the victim’s behalf, along with an album called Instagram Photos.
Depending on the victims’ location, they’re redirected to web advertisement or online deal sites that ask for email subscriptions.
Experts have found that the malicious link has already been clicked more than 825,000 times by users mostly located in India and the Philippines.