Dr. Who’s New Girl Becomes the Latest Twitter Clickjacking Theme


Britain’s longest running science fiction series Doctor Who welcomed Jenna-Louise Coleman as its newest cast. The actress’ name easily became a trending topic on Twitter—and became an easy target for clickjackers who exploited hashtags, and her name. Users were tricked with a combination of a lewd decoy and malicious technique into unsuspectingly following a Twitter account.

In his blog, Graham Culey shared details and screenshots of Twitter clickjacking activities: “The webpage you are taken to doesn’t have any content (pornographic or otherwise) related to the Time Lord’s latest sidekick. Instead, you’ll find what appears to be a portal for an Asian hardcore porn video website.”

He added, “Clicking on the video thumbnails is definitely ill-advised. When I examined the page, I found that each of the videos were masking a secret Twitter follow button.”

Doctor Who was elected into Guiness Book of world records for being one of the most successful science fiction program, with its roots dating back to 1963. The show illustrates the Time Lord’s time travelling escapades with TARDIS—the time machine that flies across time and space.

Using celebrities are no new scheme for cyber scammers. The gossip-loving planet has been a huge dwelling place for those want to want to menace the web. Last year, McAfee named 20 most dangerous celebrities, not that they are involved in hacking spree, but because they have become favorite targets of cybercriminals. The list included Brad Pitt, Scarlett Johansson and models Heidi Klum and Adriana Lima.

But even famous people who have gone to their rest did not escape web exploitation. Following her unexpected demise, Amy Winehouse’s survey scam hits Facebook and numerous internet attacks were reported capitalizing on her death. The U.S. troops pinning down world’s most wanted Osama Bin Laden was one if not the biggest news of 2011. As it hits the internet, malware started popping out through search engine. Later in the year, the Apple-philic sphere mourned Steve Jobs’ passing. And this too, did not get away from the claws of scammers. The visionary’s death was turned into impelling cause for unknowing victims to click malicious links.

The vulnerability of web browsers is clickjacking’s best opportunity. The trickery goes like this: a user clicked on a concealed link, clickjackers load another page over in a transparent layer making the scheme unnoticeable. Users actually think that they are clicking on visible buttons but in reality they are performing actions on a hidden page. This whole deceitful act can extract confidential information of users. Rampant examples of clickjacking today include tricking people into turning their social network profiles public, making users follow someone on Twitter similar to Dr. Who’s actress’ case and sharing links of Facebook. The pattern is clear, so social media fanatics beware!