
How Facebook Clickjacking Spam works

Hello friends, today I will explain how you can protect your Facebook profile or account from being clickjacked by spammers, hackers or unwanted marketers. In the last few weeks the media has exposed many hidden dangers of using Facebook, such as privacy violations, spam, and walls flooded by unwanted marketers or Facebook app alerts. But my friends, these media people always make a hype of small things. They usually blame the main organization whenever any of the above happens. But friends, the fault does not always lie with the main company; sometimes you and other things are responsible, such as not updating your web browser, not installing patches, not regularly updating your antivirus, not using a web security toolbar, etc. Clickjacking is one of those loopholes, which is not because of Facebook; it is because of your vulnerable web browser. So friends, let's first learn what clickjacking is and how Facebook clickjacking spam works.
What is Clickjacking?
Clickjacking is a technique used by hackers or spammers to trick users into clicking on links or buttons that are hidden from normal view (usually the link's color is the same as the page background). Clickjacking is possible because of a security weakness in web browsers that allows web pages to be layered and hidden from general view. In this situation you think that you are clicking on a standard button or link, like the PLAY button or download button on a video, but you are really clicking on a hidden link. Since you can't see the clickjacker's hidden link, you have no idea what you're really doing. You could be downloading something or making all your Facebook information public without realizing it. Some good hackers write AJAX code and place it as JavaScript on their fake websites; when you open them, the scripts retrieve all the passwords stored in your web browser, record whatever you type while the web browser is open, and store this information on their servers.

There are several types of clickjacking, but the most common is to hide a LIKE button under a dummy or fake button. This technique is called likejacking. A scammer or hacker might trick you into saying that you like a product you've never heard of. At first glance, likejacking sounds more annoying than harmful, but that's not always true. If you're scammed into liking Mark Zuckerberg, the world isn't likely to end. But you may be helping to spread spam or possibly sending Friends somewhere that contains malware.
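
The layering described above can be checked for mechanically. The following JavaScript is an added example, not code from the original post or from any tool it names: a simplified heuristic that flags a near-transparent frame from another origin sitting on top of a visible button. The element records, origins and thresholds are constructed assumptions.

```javascript
// Added example: flag a near-invisible cross-origin frame stacked over a visible control.
// Each record stands in for what a browser extension would read from
// getBoundingClientRect() and getComputedStyle(); all values are constructed.
const SAMPLE_PAGE = {
  origin: "https://videos.example",
  elements: [
    { id: "play-button", tag: "button", rect: { x: 100, y: 200, w: 120, h: 40 },
      opacity: 1, zIndex: 1, pointerEvents: "auto" },
    { id: "like-widget", tag: "iframe", origin: "https://social.example",
      rect: { x: 90, y: 190, w: 140, h: 60 }, opacity: 0, zIndex: 10, pointerEvents: "auto" },
    { id: "comments", tag: "iframe", origin: "https://social.example",
      rect: { x: 100, y: 400, w: 400, h: 300 }, opacity: 1, zIndex: 1, pointerEvents: "auto" },
    { id: "tracker", tag: "iframe", origin: "https://videos.example",
      rect: { x: 100, y: 200, w: 120, h: 40 }, opacity: 0, zIndex: 5, pointerEvents: "none" },
  ],
};

// Area shared by two rectangles, in square pixels (0 when they do not intersect).
function overlapArea(a, b) {
  const w = Math.min(a.x + a.w, b.x + b.w) - Math.max(a.x, b.x);
  const h = Math.min(a.y + a.h, b.y + b.h) - Math.max(a.y, b.y);
  return w > 0 && h > 0 ? w * h : 0;
}

// A frame is suspect when the user cannot see it, it still receives clicks,
// it belongs to another origin, and it sits above most of a visible control.
function findHiddenOverlays(page, maxOpacity = 0.1, minCover = 0.5) {
  const controls = page.elements.filter(
    (e) => (e.tag === "button" || e.tag === "a") && e.opacity > maxOpacity);
  const findings = [];
  for (const frame of page.elements) {
    if (frame.tag !== "iframe") continue;
    if (frame.origin === page.origin) continue;   // same-site layering is not the concern here
    if (frame.opacity > maxOpacity) continue;     // a visible frame cannot hide behind a button
    if (frame.pointerEvents === "none") continue; // the click passes through to the page itself
    for (const c of controls) {
      const cover = overlapArea(frame.rect, c.rect) / (c.rect.w * c.rect.h);
      if (frame.zIndex > c.zIndex && cover >= minCover) {
        findings.push({ frame: frame.id, frameOrigin: frame.origin, covers: c.id, cover });
      }
    }
  }
  return findings;
}

console.log(findHiddenOverlays(SAMPLE_PAGE));
```

Only the transparent `like-widget` frame is reported; the visible comments frame and the same-origin, click-through frame are ignored.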

How can you avoid being Clickjacked by Spammers or Hackers?
There are a lot of ways by which you can protect yourself from getting clickjacked and hence minimize the risk of falling prey to hackers or spammers. But the simplest one is using the latest web browser or installing the latest updates. The browser companies are continually adding updates to shut down vulnerabilities that allow clickjackers and other scammers to operate.
If you’re using Firefox, also consider installing the NoScript add-on. Beyond that, pay attention to what you’re getting and from whom. Would a college professor really share a post about watching hidden camera videos? If a post from one of your Friends seems suspicious, don’t click on it!
A suspicious post could be a sign that your Friend's account has been hijacked or that your Friend has been clickjacked to LIKE or SHARE something without knowing it. If you know your Friends, you'll know what those Friends really would LIKE or SHARE. That's why one of your best protections against scams is not confirming Friend requests from people you don't actually know.
Another great tool to help you avoid clickjacking is Web of Trust (WOT). WOT is a free browser tool that maintains a database of known safe sites as well as malicious sites reported by the WOT community. Attempt to visit a known malicious site and WOT warns you in advance. The WOT download is simple to install.

Some Security Tips:
• Keep your antivirus, anti-spyware, web toolbar, web browser and system up to date by installing all security updates and security patches.
• Don’t click on suspicious links or the links generated by Facebook applications.
• Use available security tools mentioned above to stay safe and protected.
Facebook also has checks in place to detect malicious and spam websites. Adding WOT to the existing Facebook checks gives you one more tool in your arsenal against hackers. The two checks work together to provide a joint warning system if you attempt to visit a site reported to have malware, , or spam.
That's all for today, my friends. If you have any queries or issues, ask me in the form of comments.

About Lokesh Singh

Hello Friends, I am Lokesh Singh, certified Ethical hacker (CEH, SSA, CSIF, CISSP). I have 8+ years of extensive experience in the Ethical Hacking, Cyber Security and Penetration Testing domain.
