When you have the burning desire to click on a post on a friend's Facebook wall that says "Pictures of girls in bikinis I took", don't be too hasty to click on the link, because it may be a clickjacking attack.
Over the past several months, we have witnessed first-hand how a number of Facebook users have been duped into clicking bogus links that redirect their web browsers to a phishing site or an online survey, all in an effort to collect personal information. In addition, we have seen some clickjacking scams spread malware. Hackers have created clever new ways to trick computer users into relinquishing personal information ranging from their home address to their social security number. Facebook users can avoid all of this if they know how to recognize and avoid common clickjacking attacks.
What is Clickjacking?
Clickjacking is the sneaky process of tricking a web user into revealing personal or confidential information simply by having the user click on an innocuous (thought to be harmless) link or web page. Clickjacking is relatively new: it has only been known to be used for malicious purposes over the past couple of years. Most of the time, a clickjacking link on Facebook is related to recent popular news, a catchy phrase, or some other enticing subject.
How do you recognize a clickjacking attack phrase or link on Facebook?
On Facebook, clickjacking attacks are designed to grab the attention of a user. To easily recognize a clickjacking phrase, be on the lookout for a short phrase or sentence. Sometimes the short phrase or sentence is provocative so that it will easily arouse your curiosity. Identifying these types of phrases can be difficult because Facebook status updates are generally concise anyway. One difference between a normal Facebook status update and a clickjacking phrase is that the clickjacking update tends to be catchier. Would you rather see images of grandma knitting a sweater or pictures of your buddy's girlfriend getting drunk at the football game? Don't answer that.
We have found that some clickjacking phrases use improper grammar or spelling, or are completely inappropriate. Usually you know what type of links your friends on Facebook generally post. If they all of a sudden post something out of character, chances are that it is a bogus link from a malware infection or clickjacking attack. Clickjacking links usually have extra unfamiliar characters in the URL, which may be posted at the end of the phrase. Be on the watch for web links that look like hxxp://fbhole.com/omg/allow.php?s=a&r=72306 (do not visit) or hxxp://azkaxo.com/survey.php?s=a&88613 (do not visit). These links may lead to PHP pages that run malicious scripts and steer you toward malware.
What should you do to avoid clickjacking attacks?
Many of the clickjacking links on Facebook, once clicked, pop up a bogus 'Security Check' (Figure 1 below) that in reality is a method for posting the clickjacking attack link to your own Facebook profile, not a 'confirmation that you are 18 years old'. This is how clickjacking attacks are able to spread so easily. The initial 'Security Check' dialog is sometimes followed by another one (Figure 2 below) that asks you to verify that you are human, just like a legitimate CAPTCHA check would on any other site. By clicking the 'Submit' button, you post the clickjacking attack to your own Facebook profile. Clicking the 'Cancel' button keeps the clickjacking attack link from being posted to your profile and may prevent your web browser from being pointed to a malicious or phishing site.
Figure 1. Facebook clickjacking: bogus 'Security Check' pop-up asking you to confirm that you are 18 years old.
Figure 2. Facebook clickjacking: bogus 'Security Check' pop-up asking you to verify that you are a human.
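The bogus dialog described above can only do its work because the attacker's page is allowed to embed the real site's button and lay the fake 'Security Check' over it, a detail the post itself does not go into. Site owners stop their own pages from being embedded that way with anti-framing response headers; the check below is an added example, not code from the original post, and the sample responses in it are constructed.

```javascript
// Added example (not from the original post): classify a page's HTTP response
// headers to see whether a third-party page could frame it for clickjacking.
// Header names and values are real; the sample responses below are constructed.

// Returns { framable: bool, reasons: [...] } for an object of response headers.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const reasons = [];
  let framable = true;

  // Legacy control: X-Frame-Options. Only DENY and SAMEORIGIN are reliable.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    framable = false;
    reasons.push(`X-Frame-Options: ${xfo}`);
  } else if (xfo) {
    reasons.push(`X-Frame-Options '${xfo}' is not a reliable value (use DENY or SAMEORIGIN)`);
  }

  // Modern control: CSP frame-ancestors. When present it takes precedence
  // over X-Frame-Options in browsers that support it, so it is checked last.
  const csp = h["content-security-policy"] || "";
  const directive = csp.split(";").map(d => d.trim())
    .find(d => d.split(/\s+/)[0] === "frame-ancestors");
  if (directive) {
    const sources = directive.split(/\s+/).slice(1).map(s => s.toLowerCase());
    const wildcard = sources.some(s => s === "*" || s === "http:" || s === "https:");
    if (sources.length === 0) {
      reasons.push("frame-ancestors has no sources: fix the policy");
    } else if (wildcard) {
      framable = true;
      reasons.push(`${directive}: any origin may frame the page`);
    } else {
      framable = false; // 'none', 'self' or an explicit origin allow-list
      reasons.push(directive);
    }
  }

  if (framable && reasons.length === 0) reasons.push("no anti-framing header: any site can frame the page");
  return { framable, reasons };
}

// Constructed sample responses: the weak one beside the hardened one.
const weakHeaders = { "Content-Type": "text/html" };
const hardenedHeaders = {
  "Content-Type": "text/html",
  "X-Frame-Options": "DENY",
  "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
};
```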
Remember, clickjacking links will normally come from your Facebook friends, because at one time they fell victim to the attack and it was posted on their profile. Whenever you are in doubt about a particular link on a friend's Facebook profile, do not click on it. It is better to be safe than sorry in case a potential clickjacking link is designed to steal your credit card information. If you want to see 'bikini pictures' or 'Paramore naked photos' (a previous clickjacking incident we reported on), maybe it is best that you visit a reputable porn site instead of Facebook.
Have you ever encountered a clickjacking attack on Facebook? Have you ever instantly identified a specific Facebook wall post as a clickjacking scam? If so, what did it look like and what did it say?