Facebook sues alleged clickjacking firm

Filed Under: Clickjacking, Facebook, Featured, Law & order, Social networks, Spam, Vulnerability

Click of the mouseFacebook has launched a lawsuit against the owners of Adscend Media, alleging that they developed and encouraged others to spread spam using a variety of tactics - including clickjacking.

Facebook users are too painfully familiar with scams which trick them into completing online surveys or signing up for premium rate mobile phone services.

Here's how a typical scam works.

A Facebook user is lured into clicking on a link, having been promised the chance to see a shocking video or other salacious content.

Clickjacking attack on Facebook

However, when they reach the page they often told that they must complete an online survey or provide personal information first.

In the case of clickjacking, also known as likejacking, users are tricked into clicking on an invisible "Like" button that follows their mouse across the screen, not realising that they are recommending the webpage to all of their Facebook friends.

No matter where you click on the webpage, whether it be "Lady Gaga found dead in hotel room", "Japanese Tsunami Launches Whale Into Building", naked photos of a female popstar or "101 Hottest Women in the World," you are actually clicking the Facebook Like button and further spreading the spam.

Clickjacking attack

Facebook and the US state of Washington have filed suits, alleging violations of the CAN-SPAM Act and other laws, against Delaware-based Adscend and co-owners Jeremy Bash of Huntington, West Virginia and Fehzan Ali, of Austin, Texas.

According to Assistant Attorney General Paula Selis, who heads the office’s Consumer Protection High-Tech Unit, at one point Adscend's spam campaigns were earning the defendants $1.2 million a month.

Here at Sophos, we're delighted to see Facebook taking action against those alleged to be involved in scams on the social network.

How to clean-up after a likejacking attack

If you made the mistake of clicking on a link spread via a scam message, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small "x" which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any suspicious links. If you really want to watch a video chances are that it's available for free - without you having to complete any surveys - on legitimate video sites like YouTube.

Going forward, it's essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks. Join the Sophos Facebook page, where more than 160,000 people regularly share information on threats and discuss the latest security news.

, , , ,

You might like

6 Responses to Facebook sues alleged clickjacking firm

  1. Finally facebook is taking action against Clickjacking and I think thats good because Click and Like jacking have grown at an explosive rate across this site and there are some of the 800million that find it funny to do such a thing but the rest of us find it just plain irritating and a pain so finally facebook is listening to us to sort it out and that makes me pleased

  2. Cindy · 1350 days ago

    Thank you for the info I've been telling them there spam or phishing but you still see them posting them !!

    • goober · 1350 days ago

      If the idiots would quit "Clicking" they would have no reason to post.

  3. mike · 1350 days ago

    You know, you guys are like the news everytime I turn it on its bad news. lol
    as I work in the filed of computer repair, your information is very much needed shot in the arm.
    Thanks for the great work here.
    I always say to myself man I wish all these scammers, hackers digital thieves would all die off or people would get smart and stop falling for the scams, then I would have a whole lot less work to do.

  4. Jamez · 1350 days ago

    And why not the other affiliate networks? there are many.

  5. Darkmirror · 1347 days ago

    That kind of thing happend to me once.
    I clicked the link posted by a friend and ... Plopp! I was on a Page and there was this advertisement, wich never ended and couldn't be closed, blocking the video. The first thing I did was to report the Spam and since then I have been much more careful on Fb.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at https://grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley