The Unwary Facebook
Clickjacking is an old method that, as its name suggests, hijacks a user's mouse clicks on a page in order to force ill-intentioned web activities. A hidden or transparent iframe is placed on top of a legitimate button that users are likely to recognize. Once they click what they believe to be there – usually a message box – they are immediately redirected to a different page and asked to fill in forms, confirm their credentials, answer some questions or click further links. Of course, this page looks legitimate and trustworthy, so the unwary Internet user has no idea what happened.
Social networking platforms are the most frequent targets of this kind of attack. The explanation is simple: a lot of people use them to socialize, hence their popularity. Moreover, the extensive database of such a community lures a significant number of cybercriminals and incites their ill-intentioned creativity.
The most recent Facebook clickjacker blends the documented feature that allows registering an anonymous "like" button without extra security checks with highly enticing comments, such as these:
"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.", "This man takes a picture of himself EVERYDAY for 8 YEARS!!", "The Prom Dress That Got This Girl Suspended From School.", "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"
Upon clicking the infamous “like” button, users access a transparent iframe which sends them to various blogspot.com-hosted web pages. In some cases, they reach an apparently blank page with a “click here to continue” message, or they are asked to fill in a questionnaire. Due to Facebook’s popularity and its extensive user base, this social networking service has become not only a preferred target of information harvesters, but also a favorite playground for commercial abuse (such as disseminating adware, making users click on ads or fill in forms). Now imagine that each form filled in by an unwary Facebook user brings the hijacker a specific revenue, multiply that by the number of lured users, and you’ll see why clickjacking is so popular.
Facebook has been notified and these abusive pages have been suspended.
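The overlay described above only works if the targeted page agrees to be loaded inside another site's iframe, and a site owner can check that from the page's response headers. The following is an added example, not part of the original article: it goes beyond the post by auditing the two standard anti-framing headers (Content-Security-Policy `frame-ancestors` and X-Frame-Options); the function names, paths and sample headers are constructed for illustration.

```javascript
// Added example: decide from response headers whether a page may be framed
// by another site. Header names are expected in lower case.
const BROAD = new Set(['*', 'http:', 'https:']); // sources that admit any site

function framingProtection(headers) {
  const csp = headers['content-security-policy'] || '';
  let sawBroad = false;
  // One header can carry several comma-separated policies; all are enforced,
  // so a single restrictive frame-ancestors directive is enough.
  for (const policy of csp.split(',')) {
    const fa = policy.split(';')
      .map(d => d.trim().split(/\s+/))
      .find(([name]) => name.toLowerCase() === 'frame-ancestors');
    if (!fa || fa.length === 1) continue; // absent, or empty value: review by hand
    const sources = fa.slice(1);
    if (sources.some(s => BROAD.has(s.toLowerCase()))) { sawBroad = true; continue; }
    return { protected: true, via: 'csp', detail: sources.join(' ') };
  }
  // Browsers ignore X-Frame-Options once an enforced frame-ancestors exists.
  if (sawBroad) {
    return { protected: false, via: 'csp', detail: 'frame-ancestors admits any site' };
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { protected: true, via: 'x-frame-options', detail: xfo };
  }
  // ALLOW-FROM is obsolete and ignored by current browsers.
  return { protected: false, via: 'none',
           detail: xfo ? 'unsupported value: ' + xfo : 'no anti-framing header' };
}

// Constructed sample responses (not captured from any real site).
const SAMPLES = {
  '/login': { 'content-security-policy': "default-src 'self'; frame-ancestors 'none'" },
  '/widget': { 'content-security-policy': 'frame-ancestors *', 'x-frame-options': 'DENY' },
  '/profile': { 'x-frame-options': 'sameorigin' },
  '/legacy': { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  '/blank': {},
};

function auditAll(samples) {
  return Object.entries(samples).map(([path, h]) => ({ path, ...framingProtection(h) }));
}

console.table(auditAll(SAMPLES));
```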