Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Facebook Clickjacking - Be careful with SHARE and LIKE Buttons

On Facebook, clickjacking attacks continue to circulate using "Like" or "Share" buttons that surreptitiously link you to malicious websites. Always be careful with any links or buttons offered to you. As the old saying goes, "Think before you click" or you may be spending hours repairing your PC. Always be careful about sharing any personal information in social networking applications.

Facebook Clickjacking Attack Spreading Through Share Button
http://www.sophos.com/blogs/sophoslabs/?p=10716
http://www.informationweek.com/news/security/attacks/showArticle.jhtml?articleID=226700456

QUOTE: Facebook users came under attack from a new clickjacking scam that could result in lost money as well as aggravation, spread by the social networking site's Share button. Those behind this latest Share button scam want Facebook users to answer a few questions within a simple survey; one blank is the request for a cell phone number. By providing their cell phone number without reading the fine print, users are subscribing to a paid-phone, automatically renewing service that charges $5 per week via the cell phone bill. "Unfortunately, most people won't read the fine print and will willingly hand over the information and likely won't notice the charges until the end of the month,"

PREVENTION: AVOID accessing the “Top 10 Funny T-Shirt Fails ROFL” link and filling out the "verification page" that requests your cell phone number. The "Funny T-Shirt Fails" scam costs victims a $5 weekly charge on their cell phone bill, Sophos finds.

Likejacking Worm - Dangers of selecting "Like" button on malicious pages
http://www.sophos.com/blogs/sophoslabs/?p=9783  
http://www.sophos.com/blogs/gc/g/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/

QUOTE: The technique is exactly as Graham describes - when you “Click here to continue” you’re in fact clicking an invisible link (detected as Troj/Iframe-ET) which marks the website as one that you “like” in Facebook. This of course posts a message to your newsfeed, your friends see it and click on it, and so it spreads.
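
The invisible link described in the quote above can be looked for in saved page source. The following is an added example, not code from this post or from Sophos: a heuristic that flags Facebook-hosted iframes rendered with near-zero opacity, either directly or through a transparent parent element. The sample HTML, the 0.1 opacity threshold and the function names are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that never have a closing tag, so they are not tracked as open.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

def is_transparent(style):
    """True if an inline style sets opacity to (nearly) zero (assumed cutoff 0.1)."""
    m = re.search(r"(?:^|;)\s*opacity\s*:\s*([0-9]*\.?[0-9]+)", style.lower())
    return bool(m) and float(m.group(1)) <= 0.1

class HiddenFrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []     # (tag, transparent?) for each open element
        self.findings = []  # src of each transparent Facebook-hosted iframe

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # Opacity applies to descendants, so inherit the parent's state.
        hidden = is_transparent(a.get("style") or "") or bool(
            self.stack and self.stack[-1][1])
        if tag == "iframe":
            host = urlparse(a.get("src") or "").hostname or ""
            if hidden and (host == "facebook.com" or host.endswith(".facebook.com")):
                self.findings.append(a["src"])
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unclosed elements.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_like_frames(html):
    finder = HiddenFrameFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page (not taken from a real scam page).
SAMPLE = """
<div style="opacity:0">
  <iframe src="http://www.facebook.com/plugins/like.php?href=http://example.test/page"></iframe>
</div>
<iframe src="http://www.facebook.com/plugins/like.php?href=http://example.test/visible" style="border:none"></iframe>
<iframe src="http://notfacebook.example/like" style="opacity:0"></iframe>
"""
```

Only inline styles are inspected, so a page that hides the frame through an external stylesheet or script will not be flagged by this check.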