Wednesday, May 30, 2012

Click-jacking and Like-jacking on Facebook

"Apparently my Facebook account was hacked. I did not send out those wall posts that promote ___________. Those posts were sent out in my name, but I was unaware of it. I've changed my password. Sorry about this."

You see such posts quite often. Another person was deceived by a "Like This" or "Share This" con job on Facebook.

Facebook is full of scams, malware, rogue apps, and other dangers. Beware of any wall post that says "Like and Share this", when it's accompanied by an image that's promoting a Free iPad or a Sweepstakes or a Child Burn Victim or a Timeline Remover -- and similar things.

Whenever I see this in my News Feed, I'll post the comment "This is a SCAM. Do NOT click on the link." I don't care if I anger anybody. By spreading these scams, knowingly or unknowingly, they're endangering people, and I'm warning others about it.

Some people are gullible, easy marks for con artists, very poor in critical thinking skills. You probably know people who open every email and every email attachment. They've been warned repeatedly about viruses and scams, but they can't control themselves. They're impulsive. They cling to a delusion that someday they'll win the lottery, or get rich helping a Nigerian princess if they send thousands of dollars right now.

Dreams, wishful thinking, fantasies, and positive affirmation-fueled delusions can be very dangerous. This is how con artists trick people. It's called Social Engineering. They are predators taking advantage of people's hopes, greed, and desire for Get Rich Quick schemes.

Click-jacking and Like-jacking are two common tools of the con artist on Facebook.

They trick a Facebook friend of yours into clicking on a link. The link does not go where your friend thinks it will. It goes to a survey, a registration page, or an Identity Theft phishing page, for example one that pretends to be a Facebook age verification panel. "Are you 18 years old or older?" it asks. If you click "Yes", you are led into more trouble in disguise.

The end result is you get a computer virus, your banking information on your computer is accessed, or your Facebook account is hijacked, and "you" start sending messages and wall posts promoting the scam to other friends on Facebook.

Like-jacking is similar. When you click Like on an image, such as a poster promoting some charity or sweepstakes or free product, you unknowingly grant permission to a rogue app to hijack your Facebook account, and it starts spamming people in your name. The Like button is hijacked and diverted to a malicious purpose. In other words, Like is NOT Like, but a link to something that enables you to be hacked.

Keep these tips in mind -- and you'll have a safer, more satisfying experience on Facebook.

Read "Facebook Clickjackers" on the excellent Sophos Naked Security blog.
