Don’t get suckered by ‘clickjacking’ on Facebook

June 02, 2010

Scammers are now using a new social engineering technique called ‘clickjacking’ to convince social network users to post malicious links on their Facebook status updates.

“Social engineering techniques plays on people’s emotions, be it fear or humour, to do something like sharing or clicking on a website hyperlink,” says Lynda Pasacreta, BBB President and CEO. “When we hear about a fascinating story, the first instinct is to share it with everyone we know without verifying the original source.”

In a report from Sophos, an Internet security company, Facebook users end up downloading viruses that put their computers at risk after clicking shared links (marked by users as ‘Like’ on Facebook) to stories that have attention-grabbing headlines, like:

• "LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE."

• "This man takes a picture of himself EVERYDAY for 8 YEARS!!"

• "The Prom Dress That Got This Girl Suspended From School."

• "This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

If you have clicked on any of the following links, Sophos suggests going to your Facebook page and do the following:

1) Remove the page from your “Likes and interests” section.

    • Click “Edit My Profile”, then “show other pages”, and then “Remove Page” … or
    • Click “Account” in the top right corner, then “Edit friends”, select the “Pages” list, and click the X next to the page

2) Delete the page from your newsfeed - it will probably be in the “Recent Activity” section, but you may need to scroll down a bit to find it.

BBB offers the following advice for staying safe on social networking sites:

· Be extremely wary of messages from friends or strangers that direct the user to another website via a hyperlink.

· Users should always make sure their computer's operating system and antivirus and firewall software are up to date. In some web browsers, you can download security applications that will help to find and warn users about ‘clickjacking’ weblinks.

· Parents should become “friends” of their children. Joining Facebook and monitoring your kids’ activity will help to keep a close eye to what your kids are up to.

For more information on social networking tips, visit BBB’s website: