Last week on our blog we discussed two of the five malicious threats that Facebook users are prone to. We outlined the ‘Koobface’ and ‘Palevo’ worms as well as the ‘Zeus’ trojan, and how you can protect yourself from them. Today's blog post covers the details of the other malicious attacks.
3. Clickjacking, also known as ‘Likejacking’:
This is another type of social engineering attack. It tricks users into clicking on seemingly normal parts of a Facebook post and its functions, which results in the mass spread of the malicious script. When a user ‘likes’ certain media or posts, those items can be shared with their friends: people see posts liked by their friends on the newsfeed and tend to click on them themselves. ‘Likejacking’ scripts make use of this like feature to spread the malicious content.
The majority of ‘likejacking’ scams follow the same structure:
- use an interesting and alluring title about some fake article or media post to capture interest
- wait for users to like the article
- re-post themselves on the newsfeed
- keep repeating this pattern