Graham Cluley, a senior technology consultant at Sophos, said that millions of users had fallen victim to the “clickjacking” or “likejacking” scam.
What is Clickjacking?
Clickjacking is mostly seen on Facebook. It is a security threat similar in nature to code injection attacks. Cybercriminals use transparent techniques to lure Facebook users into clicking a button or a link. A variety of links, both image and text, are used to achieve the desired result.
The word “clickjacking” comes from the nature of the attack. The attack is intended to direct as many clicks as possible to a particular page by means of fake news or video clips, thus hijacking the clicks, or “clickjacking”. The click then either gets the user to download something or diverts them to another page. Malicious content is cloaked under legitimate pages, where cybercriminals use iframes and JavaScript to load malicious content from a third-party site.
Facebook defines clickjacking in its own terms as “certain malicious websites that contain code to make your browser take action without your knowledge or consent”. Posts on the user’s wall create curiosity and lure users into clicking on them. These links lead to third-party sites, which then use code injection to spread the infected posts to that user’s contacts on Facebook.
How do users encounter this threat?
Such threats are most prevalent on social networking sites that have like and share features. The posts are designed to create curiosity, which prompts users to click and share them. Thus, knowingly or unknowingly, we as users of these sites become a medium for their propagation.
Use of social engineering for clickjacking
Wall posts and other techniques used for clickjacking are designed in such a way that they do not look suspicious. Some of the methods used are as follows:
Exclusive Video and Image Clips. Some posts claim to have exclusive pictures or videos of an event or of a person. Such luring content pulls users in to view it, and they fall victim to clickjacking.
Latest Updates on Existing News. We all want updates on current news and events. Hiding behind the mask of such events, clickjacking takes advantage of users on social networking sites. The most recent example of this was a post claiming that Rowan Atkinson died in a car crash.
Latest Breaking News & Gossip. News regarding celebrities and showbiz events, including but not limited to hoaxes, is used to trick users.
Offers, Promotions & Win-Something Contests. Users are usually attracted to offers, posts and advertisements on social networking sites with content like “click here to win an iPhone 7”. Clicking them leads to a survey form that asks the user to like or share the post.
Consequences of liking or clicking such content?
Social networking sites now act as the mother ship for such attacks. Once you have clicked on such a post, you are directed to third-party sites. These sites generate revenue from these organic visits. Moreover, the clicks are harvested to gain information about the user’s geolocation, machine, IP address, etc. Some sites ask the user to like and/or share the post in order to see the exclusive content or to enter a contest to win a car or an iPhone.