Clickjacked on Facebook

Clickjacking has become a popular way for cybercriminals to trick internet users into signing up for services and providing information without giving their actual consent. The weird thing about clickjacking, though, is that your browser thinks you have given permission to run an application.

This happens because the clickjack scammer embeds an invisible page over the web page that you are looking at. A couple of months ago, a YouTube video of Facebook clickjacking fraud caught my attention. Seriously, it concerns me more than most of the other Facebook frauds because you can’t protect yourself against it just by paying attention and being careful.

When you watch the following clickjacking example, it might not immediately dawn on you how serious this threat is. Consider, however, what would happen if the author hadn’t been so upfront about his methods.

For instance, this clickjacking blog points out how much more dangerous the threat would be if the jacked page had pictures of LOL cats instead. Click on the cute kitty, and, boom!, you’ve opened an unknown application on Facebook.

Clickjacking is a big nuisance because it has proven especially difficult for programmers to make browsers that can protect individuals from the scheme. Even the latest versions of Chrome and Firefox can’t completely protect you.

That’s not to say that these browsers don’t try to prevent clickjackers from perpetuating Facebook frauds and similar schemes. It just seems like every time they fix one problem, another pops up in its place.

There are countless reports of clickjackers using Facebook to spread worms, hijack pages, and gather personal information.

In the past, Facebook has largely dealt with clickjacking by responding to complaints quickly. That way they could nip problems in the bud before they spread too far. In the past year, though, Facebook has gotten more aggressive about embedding code that makes clickjacking more difficult. For instance, you might notice that the site now uses more browser popups than it did a couple of years ago. This brings attention to login attempts and application approvals that the user might not have intentionally authorized. You can read more about Facebook’s attempts here:

http://developers.facebook.com/news.php?blog=1&story=312


~ by facebookhoaxes on March 23, 2010.
