The authentic “Like” is the one on top; the fake is the one below it. As you can see, the real “like” is virtually indistinguishable from the bogus “like”: the only actual way to tell the difference is by visual inspection of the link. When you hover over “House of 1,000 Corpses” or “Thinking”, the browser shows a link beginning (as expected) with “http://www.facebook.com”. Hovering over “Sorry, I’m allergic to bullshit” shows, instead, a link to “http:/likeylikey.net”.
It’s reported to me that it’s possible to become “infected” with this simply by clicking on the “like” link, visiting the actual site is not necessary. So far, four folks on my friends list on Facebook have picked up (and are propagating) this one.
Be very wary! Facebook is not giving us the information we need to be able to avoid these things. According to an article on the Sophos blog, this attack is accomplished by “clickjacking” via an invisible iFrame on the screen. The Register story suggests “there are no reports that the Facebook attacks amount to much more than pranks that cause users to click a ‘Like’ button that recommends a link to their friends. But it’s not inconceivable that the ‘likejacking’ exploits could be used in much the way black-hat search engine optimization is used to lure people to websites that try to install malware on their machines.”
Neither of those appears fake, and your post doesn’t indicate which one you think is. The first entry doesn’t have the “Like” link because it’s a combined report that the person liked two different pages. Which one would the link apply to? The bottom one does, because it’s reporting about only one page, so there’s no ambiguity for the action.
Okay, Nolly, I’m a little baffled. I put red arrows pointing out which is the fake, which I thought was a fairly clear indication.
If you’re correct about the combined “like” not presenting a “like” link (and, yeah, that makes sense), then the only way to tell a bad “like” from a good one is to check the link under what it is you’re ostensibly “liking” by hovering over it and visually inspecting where it’s planning on taking you.
Oh, I see: the column width is obscuring the notations on the arrows. Right-click on the screen shot, and choose “View image…” from the contextual menu.
I’ll try to put up a better version of the screen shot today. In the meantime, the “Like” on top is real, the “Like” below is a like-jacking.
Yes, the cut-off image is what threw me. Hovering the link really is the only way to tell. I’ve seen likeylikey, likespike, and likeportal on my feeds today.
Update: FB has started add “on [site]” to these, making it obvious when it’s on one of the like-generator sites. Also, tere’s now a “Report Link” option in the Hide menu, so I’ve been reporting them as spam. Like the “like” link, this is only available when there’s a single “liked” item in the report, but so far, that’s most of the time.