Be careful what you click on. Security researchers have found that a growing number of online scams are hijacking the Facebook "Like" option for fraud and profit.
The buttons aren't within Facebook itself; they use the same Facebook technology that many sites now use to integrate with the social networking site, and they trick users into unknowingly spamming their Facebook friends with messages. The technique, called "clickjacking", is a well-known one. But the introduction of Facebook's "Open Graph" functionality has led to a proliferation of clickjack attacks that use Facebook-related themes, according to PandaLabs.
Because the link is disguised as something else, Facebook users visiting a site they've been lured to—often with a message that looks like it's from a Facebook game, such as Farmville—are tricked into "liking" a page. They may not even realize that they are sending a recommendation message about the site to all of their friends in the process, with text that they didn't write. Cyber-criminals can make money from this by using "pay-per-click" systems—advertising networks that pay affiliates for delivering web traffic to them—and from other offers and ads presented on the pages that users are lured to by the messages.
"Cyber-criminals can make money just by tricking you into visiting a Web page with ads," said Luis Corrons, Technical Director of PandaLabs. "Or worse still, they can spread malware and infect you. This possibility has not yet been exploited, but it would be relatively easy and effective to do it."
So, the next time you find a message on your wall from a Facebook friend that sounds out of character and urges you to click on it now, be careful. It could be that your friend has fallen into a trap and is unintentionally pulling you in. Of course, you might say Facebook itself is a trap your friends pull you into...
