I may not know if I’ve been likejacked, but my friends will. That’s because “likejacking” involves Facebook attackers tricking you into clicking “Like” when you don’t mean to, then spewing spam all over your friends’ news feeds.
According to the Sophos Internet security site, likejacking starts with a two-layered webpage. The front displays a lure, like “One of the craziest ways to eat a banana.” But when you bite, you’ve actually clicked on a back layer, designed with a FB Like button configured to follow your cursor and spread spam.
Just this week the Washington State Attorney General’s Office reached a settlement with a California-based online company they allege spammed FB users through “likejacking and other misleading tactics [which lead people to] fork over personal information or buy subscription services from sites that appeared to be recommended by friends.”
One of the messages sent by Adscend Media LLC allegedly declared “This man took a picture of his face every day for 8 years!!” and tricked FB users into clicking links to reveal the content, which in many cases, the AG’s office says, was never revealed.
Adscend-initiated messages that appeared to come from your FB friends actually originated from an affiliate trying to generate sales commissions with a commercial advertiser, the AG’s office says. The company, which did not admit liability in the matter, was also sued by Facebook in January of this year. See the Attorney General’s press release for details.
What to Do About Likejacking—aka Clickjacking
- Sophos suggests that you carefully review your wall posts if you were tempted to click through a known scam, and review all your installed FB applications periodically.
- According to Techie-buzz.com, the Mozilla Firefox browser with a NoScript add-on is a good idea. For those with Opera or Google Chrome browsers, try NotScripts.
- Or, in Google’s Chrome browser, you can right-click a Facebook link to open it in Incognito Mode. This means when you arrive at the new page, you’re not logged in to Facebook.
To read Sophos’s recommendations for general Facebook Security, please visit their website.