When a Facebook friend gets Clickjacked, what should you do?

Filed Under: Clickjacking, Facebook, Social networks, SophosLabs, Spam

Last night, I checked my Facebook page and noticed a strange post from a friend. The page had all the characteristics of a Facebook Clickjacking page: A link to an amusing/salacious video but in French.

When I visited the site and clicked on the video, I got a warning from NoScript.

NoScript blocking the clickjacking attack

And posted back to my friend that they had been Clickjacked. This morning I have been investigating a little further:
Facebook screenshot of french clickjack attempt

This particular site actually streams a video from YouTube and seems to be funded purely by advertising. When you click on the video, the JavaScript on the page posts a click to itself to your Wall (providing you are logged in) and plays the video.

So when a friend gets Clickjacked, you should point them at the following advice:

How to clean-up after a likejacking attack
If you made the mistake of clicking on a link spread via a scam message like the ones listed above, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small "x" which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any links that look like this. If you really want to watch a video chances are that it's available for free - without you having to complete any surveys - on legitimate video sites like YouTube.

Going forward, it's essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 60,000 people regularly share information on threats and discuss the latest security news.

Check out this post by Graham for more information on how to clean up your account after being clickjacked. Take care!

, , ,

You might like

4 Responses to When a Facebook friend gets Clickjacked, what should you do?

  1. Tyw7 · 1663 days ago

    I PM my friend if they get clicked jacked. I also report the app to Facebook

  2. Thu Win · 1662 days ago

    Some friend you are!

  3. Rob · 1661 days ago

    I urge my clickjacked FB friend, and all my friends for that matter, to dump facebook and switch to google Buzz!

  4. Richard Wall · 1660 days ago

    I do try to warn and alert my friends but I'd say 80% ignore the advice and just allow it to continue.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul O Baccas (aka pob) joined Sophos in 1997 after studying Engineering Science at Oxford University. After nearly 16 years, he has left Sophos to pastures new and will be writing as an independent malware researcher. Paul has: published several papers, presented at several Virus Bulletins and was a technical editor for "AVIEN Malware Defense Guide". He has contributed to Virus Bulletin and is a frequent contributor to the NakedSecurity blog.