Clickjacking

“Think before you click!”

Parents and teachers dole out this advice to young internet users as a fail-safe rule of thumb. Thinking before clicking may take care of some problems, such as the embarrassment caused by a hasty, hot-headed post, but not all of them.

The trouble is, “thinking” is not always enough. A whole raft of malicious activity can lurk behind seemingly innocuous links. The term coined for this phenomenon is clickjacking: tricking an internet user into clicking on one thing when it is actually a front for something else, something potentially sinister.

The tricky click leads the user to another site. For example, in an email, there may be a link to a video about celebrity news, but another page could be loaded “behind” the link. Clicking it results not in watching the video but rather in buying a product online. Other clickjacking exploits include: causing a user to follow a person on Twitter, causing someone to publicise their social media profiles, or sharing spammy links on Facebook.

Likejacking*

“Likejacking” is another possibility on Facebook. “Liking” a photo of canoodling otters, for example, could mask actions that unleash a viral or spam attack. Malicious “likes” are engineered by hackers to drive business, infect computers with worms, or create general havoc. “Like fraud” is a real problem; it can occur when visiting sites and clicking on what appears to be a Facebook Like Button. Clicking the fake like button can cause a number of problems, the least of which is spamming Facebook friends with advertising or inappropriate posts. [* The correct term is “linkjacking,” i.e., hijacking a link; but some pundits have come up with this more apt expression to refer to hijacking a “like” on Facebook.]

What To Do

If you find you have “liked” something on Facebook that is dubious or that you do not remember “liking,” you may have been “likebaited.” The friendly protocol is to remove the offending like from your profile and, if necessary, apologise to your friends with a status update.

Prevention comes in the form of software, plug-ins, and bookmarklets, most of which come at a price. The cheaper preventative is raised awareness and cautious online behaviour. Be aware that the Like Button is an apparatus of Facebook’s advertising machinery. You may want to make a personal (or family) policy of not “liking” products or services. Think twice before “liking” funny photos, inspirational quotes, etc., from unknown sources. Check your profile occasionally and scrutinise your “likes,” deleting the unsolicited ones.