ClickJacking

=Don’t Be a Victim of Clickjacking (Likejacking)= By Karen Urgitis, Instructional Technology Coordinator

Computer hackers have been around ever since computers were invented. Very smart, astute programmers who learn to navigate through software, were opening backdoors and entering into systems that were previously considered “secure.” As computers evolved and became more advanced, so did the skills of the hackers. Email accounts continue to be compromised by devious schemes to garner private and personal information. Spam filters do their best to thwart these invaders, but it’s like running on a treadmill – lots of energy is expended but you really aren’t going anywhere.

Now, more and more people are computer users who have skills necessary to contribute to shared, global, digital venues. Web 2.0 tools such as social networking web sites through //FaceBook// allow those who are “click-enabled” to operate these tools with great ease. Equally as easy, that same user can fall prey to the newest scam – clickjacking (aka likejacking).

What happens: Let’s say you have a //FaceBook// account and all your profile settings are secure – only allowing Friends access to your pages, albums, videos and privy to your personal information. But suddenly, on your NewsFeed, there is a link from one of your friends stating that they “Like” something – a web site – video – or another //FaceBook// page. You know that this had to come from your friend because your account is locked down tight, and indeed it is secure and, yes, the link did come from that friend. Next, you click on the link to see what your friend is sharing. In most cases, it seems unreal that your friend “likes” this topic – but curiosity takes over and you want to know what or why your friend would choose this. The next screen that comes up indicates that you have one more step to follow – and respond to a survey. If you move forward from this point, what you are actually doing is supplying your personal information to the computer hackers….as this message on your //FaceBook// page was never really from your friends – your friend was also a victim of this scam, also know as a phishing attack (fishing for information).

How this happens: The scammer is able to create a new page with layers. It may appear to be a button for you to [Play] a video, make a [Select]tion, or [Remove] a post. But this layer is over the actual programming script for selecting [Like] on the //FaceBook// page. In effect, this adds the offending post to your Likes and Interest section of your profile. Even trying to [Report] this link could be misdirected. Once this [Like] is in your profile, it will begin to appear on your Friends’ pages, and so the scam continues. While some of these attacks my include a download of malware or spyware on your computer (run a virus check if this happens to you) most are designed to prompt the user to complete the survey and hopefully, for the scammer – your cell phone number or credit card information. It may be a good idea to put a purchasing block on your cell phone (call the provider and ask about that – it will keep from getting bogus charges).

Precautions to take: If a suspicious post appears on your NewsFeed, don’t click it or any other link associated with the link. Trying to remove it can work against you as well. Realize that, like email spamming, social networking spamming outside of the sponsored ads is increasing. If you try to report this to FaceBook at abuse@facebook.com, you will get a response to access a Help Page to “help yourself” find a solution. Should you hit a questionable link and get to a page that asks you to complete a survey – don’t click anywhere – immediately remove your hands from the mouse and press Alt-Control-Delete on a PC to end the task forcibly, or Command-Option-Esc on a Mac to force quit. Quit out of the browser, then go back in and check your //FaceBook// profile to make sure the link hasn’t been added to your Likes and Interests or to your Pages sections. And don’t keep logged in to //FaceBook// unless you are actively using the site. Some people use //FaceBook// as their home page, and leave it up and running while they access other sites – this leaves the door halfway open to hackers. Also, change your password regularly.

For more information on social networking’s latest hacker attack – check out the following link (you do trust me, don’t you?)

[]