Sunday, 13 January 2013


Clickjacking is a technique used by attackers to trick users into clicking on links or buttons that are hidden from view. Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from view. You think you are clicking on a standard button, likethe PLAY button on an enticing video, but you are really clicking on a hidden link. Since you can’t see the clickjacker’s hidden link, you have no idea what you’re really doing. You could be downloading malware or making all your Facebook information public without realizing it.
One form of clickjacking is to hide a LIKE button underneath a dummy button. That’s called Likejacking. A scammer might trick you into saying that you like a product you’ve never heard of in an underhanded bid to create viral marketing buzz. At first glance, likejacking sounds more annoying than harmful, but that’s not always true. If you’re scammed into liking Justin Bieber, the world isn’t likely to end. But you may be helping to spread spam or possibly sending Friends somewhere that contains malware.

How can you avoid being jacked?
Technologically, you can minimize your risk by staying current on browser updates. The browser companies are continually adding updates to shut down vulnerabilities that allow clickjackers and other scammers to operate. If you’re using Firefox, also consider installing the NoScript add-on. Beyond that, pay attention to what you’re getting and from whom. Would a college professor really share a post about watching hidden camera videos? If a post from one of your Friends seems suspicious, don’t click on it!
A suspicious post could be a sign that your Friend’s Facebook account has been hijacked or that your Friend has been clickjacked to LIKE or SHARE something without knowing it. If you know your Friends, you’ll know what those Friends really would LIKE or SHARE. That’s why one of your best protections against scams is not confirming Friend requests from people you don’t actually know.
Another great tool to help you avoid clickjacking is Web of Trust (WOT). WOT is a free browser tool that maintains a database of known safe sites as well as malicious sites reported by the WOT community. Attempt to visit a known malicious site and WOT warns you in advance. The WOT download is simple to install; just visit

Security Tips:
• Keep software up to date.
• Don’t click on suspicious links.
• Use available security tools.
Facebook also has checks in place to detect malicious and spammy websites. Adding WOT to the existing Facebook checks
gives you one more tool in your arsenal against hackers. The two checks work together to provide a joint warning system if
you attempt to visit a site reported to have malware, phishing, or spam.


Post a Comment