If you get a message on your Facebook page saying "Cheerleaders gone wild have to see this", ignore it. That's the advice from security expert Graham Cluley of Sophos software.
Cluley says the security company is seeing many of these messages, which he says are part of a clever clickjacking scheme. Clickjacking is a technique whereby hackers trick web users into revealing confidential information, or take control of their computers, when the users click on seemingly harmless web pages.
If you click on the cheerleaders link it will take you to what appears to be a Facebook page. The page has text that declares the content you are about to access is "inappropriate for some users" as it "may contain shocking graphics, nudity or disrespect other individuals". The warning, which is designed to appear like an official Facebook message, asks you to confirm that you are 18 years old or older before you can proceed.
Setting the hook
Now that they have your attention, the scammers then ask you to press the numbers 1, 2 and 3 in a particular order to prove that you really are a human being. When you click on the buttons, however, you are being clickjacked.
"You may think you are just pressing numbers in a particular sequence, but in fact your mouse clicks are invisibly confirming that you 'Like' the 'Cheerleaders gone wild' page, something that you may not want your friends and family to see, which gets communicated to other Facebook users via your newsfeed," Cluley writes in his blog.
It turns out you are also being clickjacked into liking pages called "Funniest Videos On the Web" and "Free ringtones every day". But you may not realize this, Cluley says, unless you examine your profile carefully and check your list of "liked" pages.
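The hidden "Like" clicks described above depend on a control the visitor cannot see sitting where they are told to click. As an added example (not code from Cluley's blog or from Sophos), this Node.js heuristic flags transparent iframes in a saved copy of a suspect page. That the hidden control is delivered as a transparent iframe is an assumption, and the function names, host names and sample markup are constructed for illustration.

```javascript
// Triage heuristic: list iframes whose inline style makes them invisible yet
// still clickable. Regex matching is enough for triage; it is not an HTML parser.
function attr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*("([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = re.exec(tag);
  return m ? (m[2] ?? m[3] ?? m[4]) : null;
}

// Turn an inline style string into a { property: value } map (lower-cased).
function styleMap(style) {
  const map = {};
  for (const decl of (style || '').split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) map[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return map;
}

function findInvisibleFrames(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const css = styleMap(attr(tag, 'style'));
    const reasons = [];
    const opacity = parseFloat(css.opacity);
    if (!Number.isNaN(opacity) && opacity <= 0.1) reasons.push(`opacity ${css.opacity}`);
    if (/alpha\(opacity\s*=\s*0\)/.test(css.filter || '')) reasons.push('legacy alpha filter');
    if (reasons.length === 0) continue; // visible frame: not reported
    // A transparent frame positioned over other content still receives the click.
    const overlay = ['absolute', 'fixed'].includes(css.position);
    let host = '(relative or missing src)';
    try { host = new URL(attr(tag, 'src')).host; } catch { /* keep placeholder */ }
    findings.push({ host, reasons, overlay });
  }
  return findings;
}

// Constructed sample: a fake age-check page with one visible and one transparent frame.
const SAMPLE = `
<div id="verify"><button>1</button><button>2</button><button>3</button></div>
<iframe src="https://video.example/embed/123" width="480" height="360"></iframe>
<iframe src="https://social.example/plugins/like?href=https%3A%2F%2Fscam.example%2Fpage"
        style="position:absolute; top:40px; left:10px; opacity:0; z-index:9"></iframe>`;

console.log(findInvisibleFrames(SAMPLE));
```

A finding only means the frame deserves a closer look; styles applied from a stylesheet or by script are not seen by this inline-style check.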
Engrossed in the video
"But you probably haven't noticed any of this, of course, because by now you are watching a YouTube video of a group of young cheerleaders up to antics which, quite frankly, I didn't find at all shocking and didn't involve any nudity. At least that was the case when I checked it out," Cluley said.
If you really wanted to see the video, you could have accessed it directly from YouTube. If you watched it through the bogus Facebook offering, you simply helped out a group of spammers who clickjacked you into helping pump up their page views. Cluley says if you were victimized, be sure to clean up your Facebook profile and remove references to the "Cheerleaders Gone Wild" and other pages.
"You should always be wary of suspicious out-of-character posts made by your Facebook friends," Cluley said.