What is Likejacking?

At the moment, my Facebook News Feed has several entries, all willing me to click and see the “Biggest Baby Born” video. I’m not interested in doing so anyway, but I thought it was curious that many of my friends – very intelligent friends – did indeed click on it, “Liked” it, and shared it. Or did they?

Clickjacking is a way that malicious code on a website is hidden under legitimate buttons, or other clickable content. It’s a another sneaky way for cyber-criminals to trick us into visiting another site. When Facebook is involved, it’s referred to as “Likejacking”, with the goal of most of these scams being to try to  collect your personal information (isn’t is always?) Facebook claims to be working on new ways to deter Likejacking, but so far, not much has been done.

When you click on one of the links, and then click anywhere else on the screen with your mouse, you are tricked into “Liking” the page, which then shares it with your friends, and helps spread the scam. Other common scams you’ve probably seen? “You’ll never believe what this six-year-old found in his Happy Meal”, even video footage from recent disasters such as the Tsunami in Japan were used as scams.

If you fell for a Likejacking scheme, clean up the damage right away. Go to your News Feed and remove any of the links you spammed to your friends by clicking on the “x” in top right hand corner of the post, and “unlike” it. Then you’ll need to go to your own Facebook profile page, edit your page, then go through your “Likes” and delete the item there as well.

In the future, you can protect yourself from Clickjacking attempts by using free browser plug-ins. Firefox has one called NoScript. If you would try to click on the big baby video while using NoScript, it would immediately give you pop-up window, warning you of a potential Clickjacking scam.  And as usual…be careful what you click on.

–Angela Skinner Mullen