Shocking video of a girl attacked by a shark? OMG – it’s a colourful clickjack attack

Hot on the heels of other recent scams spreading virally across Facebook, we’re now seeing another – this time posing as a link to an alleged shocking video of a girl being attacked by a shark.

Thousands of messages have been posted by Facebook users reading:

OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark

OMG The Most Shocking Video Caught On Camera Girl Being Attacked By A Shark

If you click on the link you are taken to a Facebook page which fools you into believing you are about to watch a video. All you need to do (they say) is click on the red button and the blue button.

OMG shocking video of a girl attacked by a shark

If you agree to click on the coloured buttons (and I have to wonder why you would) then you are actually being clickjacked – secretly liking and sharing the link with all of your Facebook friends. You’re in good company at least – thousands of other Facebook users have done the same..

Link to shark video page posted on your Facebook page

And now you’re a fan of that page they’re free to send your updates and messages, and potentially spam you or send you malicious links. What’s worse – you’ve endorsed the page and shared it with your online mates.

Sign up to our free newsletter.
Security news, advice, and tips.

All because you wanted to watch a shocking video of a girl being attacked by a shark.

In just the time it’s taken me to write this blog post, some 1000 more people have agreed to “like” this page. I wonder how they would feel if they realised they had been scammed into helping the bad guys spam out their link?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.