Revenge on an ex-girlfriend or a Facebook clickjacking attack?

Graham Cluley
Graham Cluley
@[email protected]

Another status update was spreading virally earlier today, exploiting a clickjacking attack that we have seen Facebook scammers use in the past.

Messages were appearing on users’ Facebook accounts saying:

OMG This GUY Went a Little To Far WITH His Revenge On His EX Girlfriend

OMG This GUY Went a Little To Far WITH His Revenge On His EX Girlfriend

Sign up to our free newsletter.
Security news, advice, and tips.

Clicking on the link would take your web browser to a page which asked you to click on a red and then a blue box to “confirm” that you are human.

Colourful clickjacking attack

We’ve seen this trick a number of times before, of course.

It’s what I call a colourful clickjacking attack. You think you’re just clicking with your mouse on a red and blue box, but in fact you’re unknowingly liking and sharing the link with all of your Facebook friends.

If thousands of Facebook users like a page, as they did in this incident, then there’s the potential for cybercriminals to send spam to them or distribute a malicious link en masse to their newly-groomed fans.

But let’s continue with our journey through the scam.

Hello! Click here to continue

A hop and a click later, and you finally see what purports to be a letter from a man to his ex-girlfriend..

Revenge letter to an ex-girlfriend

Thousands of Facebook users fell for this, the latest in a long line of scams spreading virally across the network. By the looks of things, Facebook has shut this attack down – but no doubt there will be more on their way.

If you were hit, make sure that you have checked your Facebook profile to remove references to the page and ensure that you only have pages that you *really* like listed under your “like”s.

Of course, none of these attacks would spread if people were more suspicious of unusual posts made by their Facebook friends, and kept themselves informed of the latest tactics used by scammers and cybercriminals.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.