When a Facebook friend gets Clickjacked, what should you do?


Last night, I checked my Facebook page and noticed a strange post from a friend. The linked page had all the characteristics of a Facebook clickjacking page: a link to an amusing or salacious video, but in French.

When I visited the site and clicked on the video, I got a warning from NoScript.

[Screenshot: NoScript blocking the clickjacking attack]

I posted back to my friend to tell them that they had been clickjacked. This morning I investigated a little further:

[Screenshot: the French clickjack post as it appeared on Facebook]

This particular site actually streams a video from YouTube and seems to be funded purely by advertising. When you click on the video, the JavaScript on the page uses that click to post a link to itself on your Wall (provided you are logged in to Facebook) and then plays the video.
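As an added illustration (not code from this post, from NoScript, or from Facebook), the following JavaScript models the kind of check an overlay-blocking add-on performs before letting a click through: it inspects the stack of elements under the pointer and refuses the click when the element that would actually receive it is an almost-invisible frame from another site sitting on top of visible content, which is exactly the layout that turns "click to play" into "click to share". The element records, the scam-page origin and the opacity thresholds are constructed assumptions for the example; a real add-on such as NoScript works from what is actually rendered rather than from style values like these.

```javascript
// Added example: a simplified model of the overlay check a clickjacking
// blocker performs. Not NoScript's or Facebook's code.
//
// `stack` lists the elements under the mouse pointer, topmost first, in the
// order document.elementsFromPoint() would report them. Each entry is a
// constructed record: { type, origin, opacity, ancestors?, clipped? }.

const SCAM_ORIGIN = "https://video-scam.example"; // hypothetical scam page
const SOCIAL_ORIGIN = "https://www.facebook.com"; // origin of the framed button

// An element is only as visible as its least visible ancestor:
// a frame inside <div style="opacity:0"> is invisible even at opacity 1.
function effectiveOpacity(el) {
  let op = el.opacity;
  for (const a of el.ancestors || []) op *= a.opacity;
  return op;
}

// Decide whether a click at this point should be allowed. The click is
// blocked when the element that would receive it is a cross-origin frame the
// user cannot see, while visible content (the video they believe they are
// clicking) sits underneath it.
function classifyClick(stack, pageOrigin) {
  if (stack.length === 0) {
    return { block: false, reason: "nothing under the pointer" };
  }
  const top = stack[0]; // the element that actually receives the click
  if (top.type !== "iframe" || top.origin === pageOrigin) {
    return { block: false, reason: "click stays within the visible page" };
  }
  const topHidden = effectiveOpacity(top) < 0.1 || top.clipped === true;
  const visibleBelow = stack.slice(1).some((el) => effectiveOpacity(el) >= 0.5);
  if (topHidden && visibleBelow) {
    return {
      block: true,
      reason: `hidden frame from ${top.origin} overlays visible content`,
    };
  }
  return { block: false, reason: "cross-origin frame is plainly visible" };
}

// Constructed scenarios matching the page described above.

// 1. The clickjacking layout: a Facebook share/like frame made invisible by a
//    transparent wrapper, placed over a visible YouTube embed. The click lands
//    in the frame, not on the video.
const CLICKJACK_STACK = [
  { type: "iframe", origin: SOCIAL_ORIGIN, opacity: 1, ancestors: [{ opacity: 0 }] },
  { type: "iframe", origin: "https://www.youtube.com", opacity: 1 },
  { type: "body", origin: SCAM_ORIGIN, opacity: 1 },
];

// 2. A legitimate, plainly visible Like button embedded on a page.
const HONEST_STACK = [
  { type: "iframe", origin: SOCIAL_ORIGIN, opacity: 1 },
  { type: "body", origin: SCAM_ORIGIN, opacity: 1 },
];

// 3. A plain click on the page's own play button.
const OWN_BUTTON_STACK = [
  { type: "button", origin: SCAM_ORIGIN, opacity: 1 },
  { type: "body", origin: SCAM_ORIGIN, opacity: 1 },
];

for (const [name, stack] of [
  ["clickjack", CLICKJACK_STACK],
  ["honest", HONEST_STACK],
  ["own button", OWN_BUTTON_STACK],
]) {
  console.log(name, classifyClick(stack, SCAM_ORIGIN));
}
```

Only the first scenario is blocked: the frame receiving the click belongs to another site, its effective opacity is zero because of the transparent wrapper, and a fully visible video sits beneath it. A visible Like button (scenario 2) or a click on the page's own controls (scenario 3) passes, which is why this kind of check can stay on without breaking ordinary pages.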

So when a friend gets clickjacked, you should point them at the following advice (quoted from Sophos):

How to clean up after a likejacking attack
If you made the mistake of clicking on a link spread via a scam message like the ones listed above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right-hand corner of the post and you should see a small “x” which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any links that look like this. If you really want to watch a video chances are that it’s available for free – without you having to complete any surveys – on legitimate video sites like YouTube.

Going forward, it’s essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 60,000 people regularly share information on threats and discuss the latest security news.

Check out this post by Graham for more information on how to clean up your account after being clickjacked. Take care!