What is clickjacking on Facebook?
Graham Cluley, a senior technology consultant at Sophos, said that millions of users had fallen victim to the "clickjacking" or "likejacking" scam.
What is clickjacking?
Clickjacking is mostly used on Facebook. It is a security threat similar in nature to code injection attacks. It is carried out by cyber-punks who use transparent techniques to lure Facebook users into clicking a button or a link. Clickjacking is done using a variety of links, both image and text, to achieve the desired results.
The word "clickjacking" comes from the nature of the attack. The attack is intended to direct as many clicks as possible to a particular page by means of fake news or video clips, thus hijacking the clicks, or "clickjacking". The click then either gets the user to download something or diverts them to another page. Malicious content is cloaked under legitimate pages, where cybercriminals make use of iframes and JavaScript to load malicious content from a third-party site.
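An added example, not from the original article: a JavaScript heuristic a defender could run over a page's HTML to flag the cloaking described above, that is, third-party iframes styled to be nearly invisible. The function names, the 0.1 opacity threshold and the example.* hosts are assumptions made for illustration.

```javascript
// Added example: heuristic scan for near-invisible, cross-origin iframes.
// Sample markup and host names below are constructed for illustration.

// Parse an inline style string ("a: b; c: d") into a lowercase key/value map.
function parseStyle(style) {
  const out = {};
  for (const decl of style.split(";")) {
    const i = decl.indexOf(":");
    if (i > 0) out[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return out;
}

// Read one attribute value (double- or single-quoted) from a tag's source text.
function attr(tag, name) {
  const m = new RegExp("\\s" + name + "\\s*=\\s*(\"([^\"]*)\"|'([^']*)')", "i").exec(tag);
  return m ? (m[2] !== undefined ? m[2] : m[3]) : "";
}

// Return the iframes that load from another origin and are styled to be unseen.
function findCloakedIframes(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const src = attr(tag, "src");
    if (!src) continue;
    let origin;
    try { origin = new URL(src, pageUrl).origin; } catch { continue; }
    if (origin === pageOrigin) continue; // same-origin frames are out of scope
    const style = parseStyle(attr(tag, "style"));
    const reasons = [];
    const opacity = parseFloat(style.opacity);
    if (!Number.isNaN(opacity) && opacity <= 0.1) reasons.push("opacity " + style.opacity);
    if (style.position === "absolute" || style.position === "fixed") reasons.push("positioned overlay");
    // An invisible frame is only clickable if it is still rendered, so
    // display:none / visibility:hidden frames are not flagged.
    if (reasons.some(r => r.startsWith("opacity"))) findings.push({ src, origin, reasons });
  }
  return findings;
}

const SAMPLE_HTML = `
<h1>Exclusive video</h1>
<iframe src="/player.html" style="opacity:0"></iframe>
<iframe src="https://video.example.net/embed/1" width="640" height="360"></iframe>
<iframe src="https://social.example.org/like?u=x" style="position:absolute; opacity:0.01; z-index:9"></iframe>`;

console.log(findCloakedIframes(SAMPLE_HTML, "https://news.example.com/story"));
```

Only inline styles are inspected here; a frame hidden through a stylesheet or script would need the computed style from a real browser.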
Facebook defines clickjacking in its own terms as "certain malicious websites that contain code to make your browser take action without your knowledge or consent". Posts on the user's wall create curiosity and lure users to click on them. These links lead to third-party sites, which then, through code injection, spread the infected posts to that user's contacts on Facebook.
How do users encounter this threat?
Such threats are most prevalent on social networking sites that have like and share features. The posts are designed to create curiosity, which prompts users to click and share them. Thus, knowingly or unknowingly, we as users of these sites become a medium for their propagation.
Use of Social engineering for Clickjacking?
Wall posts and other techniques used for clickjacking are designed in such a way that they do not look suspicious. Some of the methods used are as follows:
Exclusive video and image clips. Some posts claim to have exclusive pics or videos of an event or of someone. Such luring content pulls users in to read it, and they fall victim to clickjacking.
Latest updates on existing news. We all want an update on current news and events. Hiding behind such events, clickjacking takes advantage of these users on social networking sites. The most recent example of this was "Rowan Atkinson died in a car crash".
Latest breaking news and gossip. News regarding celebrities and showbiz events, including but not limited to hoaxes, is used to trick users.
Offers, promotions and win-something contests. Users are usually attracted to offers, posts and advertisements on social networking sites with content like "click here to win an iPhone 7". Clicking them leads to a survey form that asks the user to like or share the post.
Consequences of liking or clicking such content?
Social networking sites now act as the mother ship for such attacks. Once you have clicked on such content, you are directed to third-party sites. These sites generate revenue from these organic visits. Moreover, these clicks are harvested to gain information about the user's geolocation, machine, IP address, etc. Some sites ask the user to like and/or share the post to be able to see the exclusive content or enter a contest to win a car or an iPhone.
Source : http://www.howtoremoveit.info/