Posted tagged ‘identity theft’

Clickjacking Affects Businesses Too

September 4, 2011

If you use the Internet, then you should know something about clickjacking. Simply put, you should know that it makes your browser perform an action that you didn’t (intentionally) execute. That can cause various problems, such as posting information on your Facbeook page, buying items on Amazon, or stealing your private information.

So, you know that there are some risks. If you’re smart, then you try to avoid suspicious videos and links. You might even use a widget or app that helps you detect potentially clickjacked sites.

But you’re just one person. Most of the time, you can protect yourself, but you know that things slip through every now and then. Chances are that you don’t even know when it happens. You just go about your day without knowing anything about it at all.

It’s a different story, though, when you are a business. Businesses have to worry about hundreds or thousands of employees clicking objects on the Internet. That means they are at a higher risk of contamination. It’s no wonder that so many businesses focus on security strategies that involve keeping a close eye on every employee.

You have to worry about things like identity theft. Businesses, however, have to worry about viruses stealing information from their clients. A business’s network often contains the credit card information and addresses of thousands of clients, not to mention the information that they use to confirm your identity when customers contact them.

This is a big concern for businesses, and that probably includes your employer. If your work doesn’t let you browse the Internet freely, there’s probably a good reason for that.



Why Do Clickjackers Do It?

August 29, 2011

Clickjacking requires pretty rudimentary programming skills. You can take a couple of college classes and learn all of the skills that you need to implement a fairly successful clickjacking campaign. Just because something is easy, though, doesn’t mean that someone will do it. There has to be some kind of reward, right?

Not surprisingly, the big reward for clickjackers is money.

Symantec Security Response did some research showing that clickjackers can earn as much as $40,000. That’s a lot of money for such a small amount of work.

There are, of course, various ways that clickjackers can make money.

One of the most popular ways is to trick Internet users into filling out online surveys. Survey companies are often willing to pay websites for sending information their way. Each survey doesn’t earn much money at all. A successful clickjacking campaign, however, could potential trick thousands of people into filling out surveys. The money from those surveys adds up quickly, allowing the clickjacker to earn a good income.

Other clickjacking attacks focus on stealing information from Internet users. These attacks typically install spyware on your computer that allows a hacker to gather information about your activities. That makes it possible for the hacker to access your email account to send out spam. Like online surveys, each piece of spam earns a small amount of money that quickly adds up.

Hackers can also used clickjacked links to install spyware that will capture your personal information. This can allow the hacker to steal your identity, open a credit card in your name, or access your bank accounts.

Clickjacking on Twitter

June 30, 2011

Most clickjacking attacks currently take place on social media sites such as Facebook. Myspace isn’t really as popular these days (so much so that News Corp has dumped it, which means that I would actually consider using Myspace again). More and more, though, we’re finding that clickjackers are turning to Twitter to scam their victims.

Twitter has emerged as one of the most popular web-based services around. It’s a microblogging tool that allows users to send short messages to a lot of people at once. If you’re not already using it, then you can think of Twitter as telegram that goes out to hundreds of thousands of people (assuming that you’re popular enough to have that many followers).

This has lead to some big problems for Twitter users who don’t expect to find clickjacking links in these posts.

The added threat is that most people access Twitter through their mobile devices. Of course, these devices are becoming the central hub for a person’s private information, including phone numbers and credit card numbers. Clickjackers that use Twitter, therefore, could have the opportunity to steal sensitive information that allows them to steal identities and commit fraud.

What can you do to stop it? You don’t have to avoid Twitter. Start by disabling scripts in your browser. That will prevent some attacks. The best thing that you can do, though, is to remain vigilant and pay close attention to every link that you follow.If you have any doubts, then don’t click the link. It’s that simple. Telling the difference between a clickjack and an honest link, however, usually requires some experience.

What are some of the ways that you can spot clickjacks on Twitter?