Don’t click on ‘Paramore n-a-k-ed photo leaked!’ Facebook link

Hayley Williams, lead singer of Paramore
Updated Many Facebook users are being hit by further clickjacking attacks today, taking advantage of the social network’s “Like” facility.

The latest lure is a link which claims to point to a website containing a naked photo of Hayley Williams, the lead singer of the American rock band Paramore.

Affected profiles can be identified by seeing that the Facebook user has apparently “liked” a link:

Paramore n-a-k-ed photo leaked!

Paramore n-a-k-ed photo leaked! malicious message

The fact that 21-year-old Hayley Williams has recently been the subject of much internet interest after a topless photo of her was leaked online, is only likely to fuel interest in the naked pictures promised by these links. But take care, because all may not be what it seems.

Sign up to our free newsletter.
Security news, advice, and tips.

Clicking on the links takes Facebook users to a third-party website which displays a message saying:

Click here to continue if you are 18 years of age or above

Paramore naked photo age check

What the hackers have actually done is very sneaky. They have hidden an invisible button under your mouse, so wherever you click on the website your mouse-press is hijacked. As a consequence, when you click with the mouse you’re also secretly clicking on a button which tells Facebook that you ‘like’ the webpage. This then gets published on your own Facebook page, and shared with your online friends, resulting in the link spreading virally.

Attacks like this can spread very very fast. Judging by the number of messages I’ve seen, thousands have already found it impossible to resist the idea of seeing the lead singer of Paramore naked and have fallen head-first into the “likejacking” trap.

This use of a clickjacking exploit to publish the same message (via an invisible iFrame) to the visiting user’s own Facebook page works in a similar fashion to the clickjacking attacks we saw earlier this week.

It’s clear that Facebook needs to tighten up the way it handles the ‘liking’ of external webpages before it is even more widely abused by malicious hackers and spammers.

If you believe you may have been hit by this attack, view the recent activity on your news feed and delete entries related to the above links. Furthermore, you should view your profile, click on your Info tab and remove any of the pages from your “Likes and interests” section.

And, please, if you have Facebook friends or acquaintances who have fallen foul of this attack please warn them about it, and suggest that they click a little more carefully in future.

Update Interestingly, the same third-party website hosting the “Paramore naked photo” clickjacking attack is also carrying another webpage containing a clickjacking attack related to teen heart-throb singing sensation Justin Bieber.

If you click on a Facebook “like” link declaring

Justin Biebers Phone Number Leaked!

then you may find yourself taken to a webpage which says “Click here to continue”.

If you do click then you will have your mouse-press hijacked (declaring to all of your Facebook friends that you “Like” “Justin Bieber’s Phone Number Leaked!”) and you will be presented with what is claimed to be Justin Bieber’s phone number and address in Florida.

Justin Bieber's phone number and address

I have no way of telling if the phone number and address are genuine, and I don’t think it’s appropriate to share them regardless, so I’ve pixelated them out in the screenshot above.

Of course, it’s not the first time we’ve seen Justin Bieber’s popularity exploited by cybercriminals.

Hat-tip: Thanks to @theharmonyguy for informing me about the Justin Bieber-related clickjacking.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.