Is Your Facebook Page in Danger of Being "Click-jacked?"

April 2011

Social media enthusiasts—be careful what you click for. Facebook and other social media sites are accessed by millions of people every day looking to connect with friends and family and share information. If you aren't careful with the material you access on these sites, you could fall victim to a malware scam. While malware attacks on unsuspecting social media users are nothing new, a "click-jacking" worm has been popping up on Facebook recently. This hacking technique could potentially cause major damage to users' PCs and mobile devices and may result in identity theft and fraud.

What is "Click-jacking"?

Click-jacking, also known as a "UI redress attack," occurs when a hacker hides malicious code beneath what appear to be legitimate buttons or other clickable content. Clicking on the link will take you to what appears to be a YouTube-like page or a page that says "Click here to continue," which is really a transparent layer on top of another page. The user clicks on what they think are buttons on that page, but their clicks actually control the page underneath. Any click on the page re-posts the link on that user's Facebook and may post it to friends of that user. The user is asked to complete a survey before viewing the video, which adds what is called a "lead-gen" layer to the scam.

What do these links look like?

Hackers can get people to click on the links by disguising them as content that users may find interesting, whether it is about a celebrity or advertising a free iPad or airfare. Other examples include links such as "This man takes a picture of himself everyday for 8 years!" or "Click to see who's been viewing your profile!" Users are more likely to click on the link if they see that their friend "likes" this link, unknowingly spreading the malware to their own computers and other users.

What could happen to your computer/mobile device?

Malware can affect your computer or mobile device in a number of harmful ways, including stealing personal information, slowing down or crashing your computer, and even using your computer as a server to broadcast pornography files. Checking your Facebook account on your smartphone could increase your risk of getting hacked—the screen may be too small for you to recognize a suspicious-looking link until it's too late. For those of us who rely heavily on mobile devices to check bank and credit card accounts, this could be a recipe for disaster. To be on the safe side, don't store sensitive information on your mobile device.

What else can these viruses affect?

This form of hacking affected thousands of Twitter accounts in August and September 2010, when an outbreak of a similar worm conned Tweeters into clicking on a button that caused them to re-tweet an infectious page. The link would usually have to do with a trending topic on Twitter so that users would be more likely to click on it. The programs Adobe Reader and Flash are also targeted by hackers, who use similar methods to get personal information from people; users are redirected to an infected web page and asked to update the programs. In the past, hackers figured out how to trick users into switching on their microphone and webcam to reveal personal information, a problem that Adobe has since corrected.

What can I do to protect myself?

If you've already clicked the link, delete the spam status on your Facebook profile as well as any spam wall postings on your friends' profiles. Alert them not to click on the link, as some postings can seem personalized by including the person's name. Facebook also advises you to check the info tab on your profile; under the "Likes and Interests" section, delete the pages if they popped up there. Internet security and antivirus software company BitDefender recently launched Safego, a free application which scans any links posted to the Facebook user's page and protects against spam. Run a virus scan as soon as possible to prevent hackers from accessing your information. Keep a close eye on your online checking accounts and credit card accounts to ensure that there is no fraudulent use.

To avoid future incidents, don't assume that a shared link is safe to access just because a friend posts or "likes" it. Run your mouse over the link to see its address in the bottom left corner of the browser—if it looks "phishy", it probably is. Whether it's out of habit or because your interest is piqued, think before you click.


©2013, FoolProof Financial Education Systems, Inc. All rights reserved.