A new scam trend is picking up on Facebook, and it’s so simple, it’s likely to trick even the most experienced of users.
It’s called “clickjacking” and it’s exactly what it sounds like: a hijack of your clicks.
One example of the scam technique presents you with a video that you naturally click on to play. But instead of being “just a video”, the video also houses an invisible link that – when pressed – tells the world that you like the link and posts it to your Facebook wall.
“[These] incidents are commonly seen on social media websites, in order to get more “followers” and gain higher exposure,” says Tina Su, Trend Micro’s Product Marketing Manager for the Asia Pacific region. “Typically more annoying at first, however it can have a more serious consequence. Clickjacking can actually have a bigger payload, getting you to provide confidential data on a ‘fake’ layer.”
Symantec’s David Hall agrees, telling us that “click fraud is not a new phenomenon, but gets a new twist when applied to social networks. The principle behind these attacks is that users can be tricked into clicking on things that they do not see or are not aware off.”
Of course, the technique only works with Facebook if you’re logged into Facebook, but for many of us, that’s something that never changes. These days, many of us are logged in until we specifically hit “log out” or switch to another computer.
So how can you go on the defensive against clickjacking?
“Making sure the latest patch for your applications and web browser is up-to-date is a good start,” says Su. “Additional plug-ins from applications and web browers can also present these type of undeirable embedded codes from executing.”
An easy way to stop these attacks from affecting you is to use your best judgement and don’t click on links that look like they could be dodgy. Scams aren’t going away anytime soon so making informed decisions is always a better option instead of clicking without thinking.
“Be very cautious of messages with links that have what seem to be outrageous content,” adds Hall. “You can always do a quick Web search first to check if the link is safe and not a scam.”