Spam and scams have always been the bane of online social networking, and social media giant Facebook, with 750+ million users, has been the target more often than not. Security company Symantec recently set out to estimate likejacking attacks on Facebook and found that up to 15 percent of unique posts were identified as such.
Likejacking is a derivative of the term clickjacking, which means asking a user to click something while a different action takes place behind the scenes.
For example, who has not been tempted to click on an enticing video on a friend’s Facebook wall with alluring tags such as “WOW, YOU WILL NEVER BELIEVE THIS”? Often, the link is corrupt, taking the user-turned-victim to a blank page with only a tab that reads “click here to continue”. Clicking on the tab publishes the original message onto their own Facebook page, complete with a ‘Like’ notation, which effectively recommends the unwanted link to all of their Facebook friends. From there, the video sits on the victim’s wall, waiting to go viral.
Not only can likejacking cause embarrassment to a victim, but it can also be used by scammers to infect PCs with malware or steal online account information.
Symantec analyzed 3.5 million video posts in August in order to promote its own product, Norton Safe Web for Facebook. This is a free Facebook app that scans News Feeds and identifies URLs containing security risks, such as phishing sites, malicious downloads and links to unsafe external sites.
The app displays detections as part of the scan report and posts the report to the user’s Wall so that their friends are warned against clicking on the link, thereby affording protection against likejacking.
The Norton application promises to scan links posted within a 24-hour time frame, and members can visit the Norton Facebook page to access the Cybercrime Index, which is updated daily to reflect the threat level for each day.
To provide better protection in the case of shortened URLs, such as those from bit.ly, TinyURL, etc., the app looks up the full URL for each shortened URL and checks its site rating.
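The expand-then-rate step described above can be sketched as follows. This is an added example, not Symantec's code: the redirect table, the ratings, the `expand` and `rate` helpers and the hop limit are all constructed assumptions, and the redirects are simulated so the example runs offline.

```python
from urllib.parse import urlsplit

# Constructed sample data standing in for HTTP 301/302 answers from shorteners.
REDIRECTS = {
    "http://bit.ly/EXAMPLE1": "http://tinyurl.com/EXAMPLE2",
    "http://tinyurl.com/EXAMPLE2": "http://video-scam.example/watch?id=1",
    "http://bit.ly/LOOP1": "http://bit.ly/LOOP2",
    "http://bit.ly/LOOP2": "http://bit.ly/LOOP1",
}
# Constructed ratings keyed by host (hypothetical; stands in for a reputation lookup).
RATINGS = {"video-scam.example": "unsafe", "news.example": "safe"}
SHORTENERS = {"bit.ly", "tinyurl.com"}


def expand(url, lookup=REDIRECTS.get, max_hops=5):
    """Follow redirects from url; return (chain, status)."""
    chain, seen = [url], {url}
    while True:
        nxt = lookup(chain[-1])
        if nxt is None:
            return chain, "resolved"
        if nxt in seen:
            return chain, "loop"
        if len(chain) > max_hops:
            return chain, "too_many_hops"
        chain.append(nxt)
        seen.add(nxt)


def rate(url):
    """Rate the destination of a possibly shortened link, failing closed."""
    chain, status = expand(url)
    host = urlsplit(chain[-1]).hostname
    # A chain that loops, runs too long, or ends on a shortener has no known
    # destination, so it is reported as unresolved rather than assumed safe.
    if status != "resolved" or host in SHORTENERS:
        return "unresolved"
    return RATINGS.get(host, "unrated")


if __name__ == "__main__":
    for link in ("http://bit.ly/EXAMPLE1", "http://bit.ly/LOOP1",
                 "http://news.example/story"):
        print(link, "->", rate(link))
```

A scanner built this way rates the final destination rather than the shortener's own domain, which is why a link nested behind two shorteners still comes back as unsafe.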
It is interesting to note that in July, Facebook launched a security bug bounty program for identifying flaws within its network. Commenting on the program, Joe Sullivan, Facebook's chief security officer, said, “It has been amazing to see how independent security talent around the world has mobilized to help. Facebook truly does have the world’s best neighborhood watch program, and this program has proven that yet again for us.”
In August, Facebook CEO Mark Zuckerberg remarked that apps which spam his social network are ‘lame’.
It would be intriguing to know how Palo Alto reacts to this survey from Symantec and whether video-sharing service YouTube would be keenly observing the developments.
The Norton Safe Web Facebook app is available via Facebook on http://safeweb.norton.com/lite?fb