Friday, 21 March 2014

How Facebook Clickjacking Spam works

Facebook Clickjacking hack or spam

What is Clickjacking?
Clickjacking is a technique used by hackers or spammers to trick users into clicking on links or buttons that are hidden from normal view (usually the link’s color is the same as the page background). Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from general view. You think that you are clicking on a standard button or link, like the PLAY button or download button on a video, but you are really clicking on a hidden link. Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing. You could be downloading malware or making all your Facebook information public without realizing it. Some skilled hackers make Ajax keyloggers and place them as JavaScript on their fake websites; when you open such a site, the script retrieves all the passwords stored in your web browser, records whatever you type while the web browser is open, and stores this information on their servers.

There are several types of clickjacking, but the most common is to hide a LIKE button under a dummy or fake button. This technique is called likejacking. A scammer or hacker might trick you into saying that you like a product you’ve never heard of. At first glance, likejacking sounds more annoying than harmful, but that’s not always true. If you’re scammed into liking Mark Zuckerberg, the world isn’t likely to end. But you may be helping to spread spam or possibly sending Friends somewhere that contains malware.
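Hiding one page under another, as described above, usually relies on loading the target page inside a frame, so a site owner can check whether their own responses tell the browser to refuse framing. The following is an added example, not code from the original post: `framingPolicy` is a hypothetical helper name and every sample header value is constructed.

```javascript
// Added example: classify how a response's headers restrict framing.
// framingPolicy() is a hypothetical helper; all sample headers are constructed.
function framingPolicy(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value); // header names are case-insensitive
  }

  // An enforced CSP frame-ancestors directive overrides X-Frame-Options.
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1).map((s) => s.toLowerCase());
    // An empty source list matches nothing, the same as 'none'.
    if (sources.every((s) => s === "'none'")) return 'blocked';
    // "*" or a bare scheme such as "https:" lets any site embed the page.
    if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) {
      return 'frameable';
    }
    if (sources.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist'; // specific origins only: review each one
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing, obsolete ALLOW-FROM, or unrecognized values: treated as unprotected.
  return 'frameable';
}

// Constructed sample responses.
const samples = [
  { name: 'no headers', headers: {} },
  { name: 'XFO deny', headers: { 'X-Frame-Options': 'DENY' } },
  { name: 'obsolete XFO', headers: { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' } },
  { name: 'CSP none', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" } },
  { name: 'CSP wildcard beats XFO', headers: { 'Content-Security-Policy': 'frame-ancestors *', 'X-Frame-Options': 'DENY' } },
];
for (const s of samples) console.log(`${s.name}: ${framingPolicy(s.headers)}`);
```

A result of `frameable` means any other site can embed the page, which is the precondition for the hidden-layer trick.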

How can you avoid being Clickjacked by Spammers or Hackers?
There are a lot of ways to protect yourself from getting clickjacked and so minimize the risk of falling prey to hackers or spammers. The simplest is to use the latest web browser or install the latest updates. The browser companies are continually adding updates to shut down vulnerabilities that allow clickjackers and other scammers to operate.
If you’re using Firefox, also consider installing the NoScript add-on. Beyond that, pay attention to what you’re getting and from whom. Would a college professor really share a post about watching hidden camera videos? If a post from one of your Friends seems suspicious, don’t click on it!
A suspicious post could be a sign that your Friend’s Facebook account has been hijacked or that your Friend has been clickjacked to LIKE or SHARE something without knowing it. If you know your Friends, you’ll know what those Friends really would LIKE or SHARE. That’s why one of your best protections against scams is not confirming Friend requests from people you don’t actually know.
Another great tool to help you avoid clickjacking is Web of Trust (WOT). WOT is a free browser tool that maintains a database of known safe sites as well as malicious sites reported by the WOT community. Attempt to visit a known malicious site and WOT warns you in advance. The WOT download is simple to install.

Some Security Tips:
• Keep your antivirus, anti-spyware, web toolbar, web browser and system up to date by installing all security updates and security patches.
• Don’t click on suspicious links or the links generated by Facebook applications.
• Use available security tools mentioned above to stay safe and protected.

Facebook also has checks in place to detect malicious and spam websites. Adding WOT to the existing Facebook checks gives you one more tool in your arsenal against hackers. The two checks work together to provide a joint warning system if you attempt to visit a site reported to have malware, phishing, or spam.
