Likejacking Scams on Facebook
By: Heather Campobello - April 16, 2012
Be careful who you friend and which websites you are asked to visit, because some sites employ a “Manual Sharing Scam” – better known as “Likejacking” or clickjacking. Once users click on these scam sites, they could receive posts on their wall that say they “Like” the site, which is how the scam spreads itself virally.
The scam spreads once FB friends of the victimized user click on the link that was posted on their wall, thus continuing the chain.
Candid Wueest, an employee at Symantec, explains how the Uncle Scam likejacking scam works:
“Even though it might appear that one of your friends has shared this link, he or she most likely did not do it knowingly. This is because whenever someone follows one of these malicious links, he or she ends up at an intermediate site on Facebook that will then load an “iframe” from a remote site. In this particular case, the remote site hosted four more scams targeting Facebook, each with different themes. The iframe loads an Uncle Sam image from a free image-hosting site and then asks the user to click on some part of the image. However, what the user doesn’t see is that the attacker has also loaded a Facebook site, but has modified it to be invisible. The hidden page that is loaded is the Facebook “Like button” page, which is conveniently placed under the mouse pointer of the user. Hence, when the user clicks on the colored bars of the image, he or she is actually clicking on the invisible Like button and consequently shares the attacker’s link with all of his or her friends on Facebook. (The same trick is attempted with an invisible “Share” button).”
PCWorld identified fbeditionrose.com, editionroseplus.com, and nouvelleroseplus.com as some of the sites people should avoid.
The article also detailed how there are several fake Facebook sites that request personal information for the chance to win free deals. These sites can be harmful in that they can infect your system with malicious code, recruit your computer into a zombie botnet, install software on your computer, and steal passwords or financial data.
The following YouTube video demonstrates how a user can be tricked into sharing potentially malicious links on their Facebook profile page.
To be safe, Facebook users are encouraged to remain skeptical of messages posted in social networks, even if they are from friends. Users should also avoid downloading files or filling out questionnaires just to see a picture or a video.
Share your likejacking stories with us.