Cheryl Cole clickjacking on Facebook, posing as a BBC news report

Graham Cluley

Girls Aloud pop star Cheryl Cole, famous in the UK for her role as a judge on top TV show “The X Factor”, which had its grand final last night, is being exploited by scammers on Facebook.

Scammers are using a clickjacking technique to trick users into “liking” a webpage without their knowledge, believing it to be a BBC News report about paparazzi photographs that have exposed the popular celebrity.

Using the familiar banner of the BBC News website, the story beneath is not exactly the err.. content you would normally associate with the British Broadcasting Corporation. Instead it shows a typically tabloid paparazzi photograph of Cheryl Cole getting out of a car while wearing a short skirt.

Cheryl Cole likejacking page

Hardly the most convincing replica of the BBC website I’ve ever seen, but if you are tempted to click, the page uses a clickjacking technique to invisibly “like” the webpage, sharing it with all of your Facebook friends and buddies.

Cheryl Cole likejacking message

BBC News: Cheryl Cole Exposed Paparazzi Photos !

You won’t realise, however, that your Facebook page has been updated unless you specifically look at your feed.

Instead, chances are that some fans of Cheryl Cole will venture further, seeing another page which looks distinctly unlike those normally produced by the BBC – and ultimately a picture that is often printed in the more lowbrow British newspapers.

Cheryl Cole uncensored

So, what’s the purpose of all this? Well, it appears that once again scammers are abusing Facebook users to drive traffic to online surveys – designed to earn them commission for every survey completed.

It’s really time that something more serious was done about spam like this, which has been exploiting Facebook users for far too long.

If you have been hit by a scam like this, delete the messages from your newsfeed and remove the “like”s from your profile.

If you want to get earlier warning about security threats on the social network and elsewhere on the internet, you could do a lot worse than join the Sophos Facebook page.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
