6 year old’s Happy Meal from McDonalds leads to Facebook clickjacking scam

If you imagined that the legal action that Facebook is taking against alleged survey scammers would scare other spammers off the social network, then think again.

Over the weekend a number of scams have been spreading virally, using clickjacking techniques to fool Facebook users into “liking” and “sharing” links with their online friends without realising it.

A typical message reads:

OMG… Look What This 6 YEAR OLD found in Her HAPPY MEAL from McDonalds! on CLICK HERE TO SEE.

If you do make the mistake on clicking on the link you will be taken to a webpage which pretends to be hosted on Facebook, but in fact is designed to
trick you into unknowingly sharing the links with your online acquaintances, and spreading the messages further.

If you click on what appears to be the “Play” button on the video, you are really being…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.