
Facebook hit by more clickjacking attacks

Facebook has become the victim of more clickjacking attacks forcing users to 'Like' webpages without them knowing it.

Facebook has been hit by yet more clickjacking attacks, forcing users to 'Like' webpages on the social networking service.

Numerous users' Facebook profiles have been updated by the attack to say they like a webpage with the seductive title of 101 Hottest Women in the World, Sophos has reported.

The technique, which the security firm has dubbed "likejacking", hides an "invisible button" under the user's mouse pointer, so that wherever they click on the webpage, the click is captured by the hackers running the operation. The captured click then tells Facebook that the user likes the webpage, without the user knowing it.

Graham Cluley, senior technology consultant at Sophos, explained that the people behind the attack are simply trying to make money.

"The site is part of the CPALead advertising network, popping up a survey asking for personal information and helping to generate revenue for those behind this scam," Cluley said in a blog post.

It was just last month that the security expert picked up on a similar attack that hit over the second May bank holiday.

A Facebook spokesperson told IT PRO that the social networking giant is constantly working to improve its systems and is building additional protections against this kind of behaviour.

"In recent weeks we've taken action to block a number of URLs associated with malicious content, and we're cleaning up the relatively few cases where these URLs have been posted. Overall, an extremely small percentage of users have been affected by this. As always, we're asking people not to click on suspicious links," the spokesperson added.

User response

Despite Facebook's claims, 95 per cent of respondents to a Sophos poll have said that the social networking firm is not doing enough to stop clickjacking attacks.

"What's clear is that Facebook needs to set up a proper early-warning system to alert users about breaking threats," Cluley added.

"It seems wrong that the only place where Facebook users can read about the latest attacks is on the pages run by security vendors on Facebook, rather than Facebook's own security pages."

Another hijack attack

Sophos has also picked up on another Facebook threat that has enticed over 190,000 people into clicking a link from a rogue application.

Once the link is selected, users are redirected to a page promoting an application claiming to show a video of a teacher assaulting a student.

Those who attempt to follow the instructions to view the video will allow the application to access their profile and repost a spam message on their wall, advertising the ostensibly shocking footage.

Cluley warned that other spam sent from a hijacked account could be designed to spread malware or phish friends' password details.

Those hit by the attack should check their privacy settings and remove the application from their profile, the security guru recommended. He also advised deleting any posts that the application may have placed on users' news feeds.
