Facebook Clickjacking Attacks: Avoid Them !!
I am sure many of you have the burning desire to click on a post on a friend’s Facebook wall that says “Pictures of hot girls in bikinis I took” or “Hot MMS i made”. Don’t be too hasty to click on those links, because it may be a clickjacking attack.
Over the past couple of years, I have witnessed first-hand how millions of Facebook users have been duped into clicking on bogus/malicious links that redirect their web browsers either to a phishing site or to other malicious sites in an effort to compromise their accounts as well as their systems. In addition, I have seen some clickjacking scams spread malware (malicious software). These days hackers have created new and clever ways to fool or entice computer users into relinquishing their personal information, which can range from their home address to their credit card number or even their social security number. But Facebook users can avoid all of this if they know how to recognize and avoid these clickjacking attacks.
What is Clickjacking?
“Clickjacking”, which is also known as “Likejacking”, is a malicious technique, or you could say a sneaky process, of tricking a web user into revealing personal or confidential information through clicks on seemingly innocuous (thought to be harmless) web pages. Clickjacking is relatively new, as it has only been known to be used for malicious purposes by hackers and malware authors over the past couple of years. Most of the time, a clickjacking link on Facebook is related to recent popular news, an eye-catching phrase, or an enticing subject.
How to recognize a Clickjacking link on Facebook?
On Facebook, clickjacking attacks are designed to arouse the curiosity of a user. To spot a clickjacking link, be on the lookout for a short link, phrase or sentence. Sometimes these are provocative so that they easily grab your attention. Identifying these types of phrases can be a little difficult due to the nature of Facebook status updates. One difference between a normal Facebook status update and a clickjacking phrase is that the clickjacking update may prove to be catchy. Would you rather see images of your mom knitting a sweater or pictures of your girlfriend getting drunk at soccer? Beware!! Don’t answer that.
Recently I have seen some clickjacking phrases that use improper grammar and spellings that are completely wrong. Usually you know what type of links your friends on Facebook generally post. If all of a sudden they start posting out of character, chances are that it is a malicious link from a malware infection or clickjacking attack. Clickjacking links usually have some sort of unfamiliar characters in the URL, which may be posted at the end of every phrase. Be on the watch for web links that look like hxxp://suka-bitch.co.cc/46/0aa3b64d4eb2f776158847eb9127ea36.php/xml (Do Not Open) or hxxp://kinosex-video.ru/files/xxx_video_291.avi (Do Not Open). These links may include PHP code that runs malicious payloads leading you to malware.
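The URL traits described above can be checked mechanically before anyone clicks. The following is an added example, not code from the original article: the three rules and the extension lists are assumptions drawn from the two defanged sample links quoted above, and the third sample link is made up for contrast.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the article's two defanged links plus one made-up ordinary link.
SAMPLE_LINKS = [
    "hxxp://suka-bitch.co.cc/46/0aa3b64d4eb2f776158847eb9127ea36.php/xml",
    "hxxp://kinosex-video.ru/files/xxx_video_291.avi",
    "https://example.com/photos/holiday-2011",
]

# Assumed heuristics, not an exhaustive or authoritative list.
SCRIPT_EXT = (".php", ".asp", ".aspx", ".cgi")
MEDIA_EXT = (".avi", ".mp4", ".3gp", ".wmv")
HEX_RUN = re.compile(r"[0-9a-f]{16,}")  # long machine-generated token


def refang(url):
    """Undo hxxp / [.] defanging so the link can be parsed (it is never fetched)."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.I).replace("[.]", ".")


def triage(url):
    """Return the reasons a shared link deserves a second look before clicking."""
    path = urlsplit(refang(url)).path.lower()
    segments = [s for s in path.split("/") if s]
    reasons = []
    if HEX_RUN.search(path):
        reasons.append("opaque hex token in path")
    # A script name that is not the last path segment, e.g. ".../x.php/xml".
    if any(s.endswith(SCRIPT_EXT) for s in segments[:-1]):
        reasons.append("script file followed by extra path")
    # A status update that links straight to a "video" file on an unknown site.
    if segments and segments[-1].endswith(MEDIA_EXT):
        reasons.append("direct link to a media file")
    return reasons


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(link, "->", triage(link) or "nothing flagged")
```

A link that raises no flag is not thereby safe; the check only surfaces the URL oddities this section describes.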
How to avoid Clickjacking attacks?
Many of the clickjacking links on Facebook, once clicked, take the user to a third-party website which displays a pop-up or a message such as “Click here to continue if you are 18 years of age or above”, a bogus ‘Security Check’ that in reality is a method for posting the clickjacking attack link to your own Facebook profile rather than a “confirmation that you are 18 years old”.
Sometimes the initial ‘Security Check’ dialog is followed by another one where you need to verify that you’re human, in order to avoid spam bots, just like a legitimate CAPTCHA check would on any other website. By clicking the ‘Submit’ button, you may think that you have proved you’re human, but in reality you have posted the clickjacking attack on your Facebook profile.
“Attacks like this spread very, very fast,”
Always keep in mind that clickjacking links will normally come from your Facebook friends, because at one time they fell victim to the attack and it was posted on their profile. Whenever you have a doubt about a particular link on a friend’s Facebook profile, do not click on it at any cost. Facebook’s privacy/security settings won’t keep users safe from “likejacking” attacks, so you should know which URLs or applications you’re clicking on before you click the ‘like’ button. Remember, “It’s better to be safe than sorry”.