Clickjacking: the next frontier

Wherever Facebook goes, clickjacking will follow.

Last May, internet security specialists discovered that hackers had developed a revised clickjack called likejacking. Likejacking uses Facebook’s “like” button to spread viruses to unsuspecting Facebook members. Since liking a link means sharing that link with friends via a wall post, likejacked links could spread quickly.

Facebook recently released a share feature that works much like the like button, except it doesn’t imply actually liking the link. Still, it posts the link, video, or what-have-you to your wall, where friends can view it. Depending on how many friends a Facebook member has, shared objects could go out to hundreds or even thousands of people.

There was significant potential for abuse. Hackers, of course, spotted that potential and created what is now being referred to as a sharejack.

Sophos, an internet security firm, quickly noticed the abuse and published a report about Facebook profiles using the sharejack. Facebook responded even faster by pulling the pages from their website. Still, there is a persistent threat of misuse.

How can you avoid this scam? Like most clickjacks, sharejacking has something a bit off about it. Sharejacked profiles often make you go through a series of “human identification” tests that are supposed to ensure that you are a human instead of a computer. That’s a solid tip-off that something is amiss, since other pages don’t require these steps.

Pay attention to what you do on Facebook and other social networking sites, and avoid anything that seems remotely fishy.
