Watch out for 'Likejacking' on Facebook

As Facebook moved past Orkut to become the most visited social media site, with close to 20.9 million visitors from India last month, it also bagged the title of being the breeding ground of online spammers and e-frauds.

Security researchers have warned about the latest Facebook threat, dubbed as ‘likejacking’, which tricks users into clicking a link that marks a spam site as one of user’s Facebook “likes.”

These updates show up on user’s profile, where friends can see the link and click it, allowing the vicious, viral cycle to continue. In all these cases, users are directed to a rogue Facebook application, asking for permission to access the user profile. Once the permission is given, the application can post spam messages from the user’s account and ask them to complete an online survey (the scammers earn commission for every survey that is completed).

Sophos, a security developer and an anti-virus vendor, wrote in its blog: “The social network should tighten the way it handles the ‘liking’ of external web pages before it is more widely abused by malicious hackers and spammers.” Sophos claimed that “hundreds of thousands” of Facebook users have already been duped by several ‘likejacking’ frauds.

Carl Leonard, senior manager, Websense Security, says, “Because Facebook users are very familiar with the ‘like’ button option, they are more likely to trust it. This trust means the guard is lowered and there will be a high number of people fooled into unknowingly clicking through to a malicious website.”

Websense has a Defensio Application for Facebook that is available for free to consumers and a small fee for businesses.

The ‘likejack’ spam comes on the heels of another Sophos-issued warning early this month concerning a malicious Facebook scheme designed to dupe users into installing adware onto their machines.

Adware is a software package that automatically plays, displays or downloads advertisements onto a victim’s computer.

“With hackers keeping their fingers on the pulse of popular social trends, especially as it relates to social networking sites that span hundreds of thousands of people across the globe, all users must remain vigilant of these types of spoofs,” says Amit Nath, country manager (India and SAARC), Trend Micro, a security vendor.