Recently, some of my friends and family have been victims of Likejacking on Facebook. It’s a type of clickjacking in which you are tricked into Liking a website. It’s never happened to me, but I’ve just been very lucky. After a short time studying these Likejacking scams, I can see that it’s easy to be tricked. Below are three examples and an explanation of how it works.
[images from Facecrooks.com]
As you can see, these are very tempting and they look like legitimate Likes from your friends. If you click to open them, you are taken to a page, normally with a video on it that needs to be clicked to play.
Clicking to play it will instantly Like this page on your wall. You can’t see it, but there’s a hidden Like button under your mouse cursor, no matter where you click on the page. Isn’t that sneaky?
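A hidden Like button of this kind can be spotted by looking for a Like frame that is clickable but invisible. The following is an added example, not part of the original post and not how NoScript works: it assumes the button is Facebook's `plugins/like.php` iframe made transparent, and the function names, the 0.1 opacity threshold and the sample frames are made up for illustration.

```javascript
// Added example: heuristic detector for a hidden Like-button frame.
// Function names, the 0.1 threshold and SAMPLE_FRAMES are assumptions.

// Facebook's Like button plugin is served from this path.
const LIKE_PLUGIN = /^https?:\/\/(www\.)?facebook\.com\/plugins\/like\.php/i;

// Browser-only helper: turn each iframe into a plain descriptor.
// Opacity is multiplied up the ancestor chain, because a transparent
// wrapper hides the frame just as well as styling the frame itself.
function describeFrames(doc) {
  const view = doc.defaultView;
  return Array.from(doc.querySelectorAll("iframe")).map((el) => {
    let opacity = 1;
    for (let n = el; n; n = n.parentElement) {
      opacity *= parseFloat(view.getComputedStyle(n).opacity);
    }
    return { src: el.src, opacity, position: view.getComputedStyle(el).position };
  });
}

// Report Like-plugin frames that can be clicked but not seen.
function findHiddenLikeFrames(frames) {
  return frames
    .filter((f) => LIKE_PLUGIN.test(f.src || ""))
    .map((f) => {
      const reasons = [];
      if (f.opacity < 0.1) reasons.push("transparent");
      if (f.position === "absolute" || f.position === "fixed") {
        reasons.push("floating"); // can be moved to follow the cursor
      }
      return { src: f.src, reasons };
    })
    .filter((r) => r.reasons.includes("transparent"));
}

// Constructed sample: a normal Like button, a hidden one, a video embed.
const SAMPLE_FRAMES = [
  { src: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com%2F",
    opacity: 1, position: "static" },
  { src: "https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2Fvideo",
    opacity: 0, position: "absolute" },
  { src: "https://player.example.test/embed/123", opacity: 0, position: "static" },
];

console.log(findHiddenLikeFrames(SAMPLE_FRAMES));
```

In a browser console, `findHiddenLikeFrames(describeFrames(document))` runs the same check against the page you are on.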
Usually, you’ll be directed to fill out surveys before you are allowed to see a video. The hackers get paid for getting people to fill them out.
Here’s what it looks like when a hidden Likejack is detected with NoScript.
In Google’s Chrome browser, you can right-click on a link in Facebook and open it in Incognito mode. That way, you won’t be logged into Facebook when you arrive at the new page.
So far, I haven’t seen that feature in other browsers, but I think it can be added via extensions or add-ons.
Your best defense is some common sense. You will need to be more suspicious of your friends’ posts. It’s hard to resist temptation, but it’s also good for you.