What is "Likejacking"?

Sophos Senior Security Advisor Chester Wisniewski explains this malicious Facebook phenomenon

"Likejacking" is a Facebook-specific version of an attack called "clickjacking." The purpose of the attack is to get you to click items on a webpage without your knowledge.

Facebook attackers present a web page that actually has two layers. The back layer is designed with a Facebook "Like" button configured to follow your mouse cursor. The front layer shows whichever lure you are unfortunate enough to be tricked by. No matter where you click on the webpage, whether it be "One of the craziest ways to eat a banana" or "101 Hottest Women in the World," you are actually clicking the Facebook Like button and further spreading the spam.

The earliest instances of likejacking seemed to be a proof of concept that the attack would actually work. Since those first attacks, likejacking has evolved into a money-making scheme through a technique called affiliate marketing. Affiliate marketing pays the affiliate for every person who views an ad, signs up for a service or registers on a given site. We have yet to see these attacks lead to malicious content, but it is only a matter of time until they do.

One reason this attack works is that Facebook does not require any confirmation when you click the Like button. Though confirmation would not entirely prevent the attack, it would complicate the attack and potentially discourage its active exploitation.
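The overlay described above only works because the page carrying the Like button can be loaded inside a frame controlled by someone else. For a social widget that is meant to be embedded everywhere, framing cannot be forbidden, which is why a confirmation step is the fallback defence. For a site's own sensitive pages, the standard defence is to refuse third-party framing with `Content-Security-Policy: frame-ancestors` or the older `X-Frame-Options` header. The following is an added example, not code from Sophos or Facebook: a small Node.js checker that classifies a response's headers as frameable or not, applying the browser's precedence rule (a `frame-ancestors` directive overrides `X-Frame-Options`). The sample header sets at the bottom are constructed for illustration.

```javascript
// Added example (not from the original article): decide whether an HTTP
// response's headers allow the page to be embedded in a third-party frame,
// which is the precondition for a clickjacking / likejacking overlay.
// Input: a plain object mapping lowercase header names to values, the shape
// Node's http.IncomingMessage.headers gives you.

function parseCsp(value) {
  // CSP is a ';'-separated list of directives; each directive is a name
  // followed by whitespace-separated source expressions.
  const directives = {};
  for (const part of value.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Per the CSP spec the first occurrence of a directive wins.
    if (!(name in directives)) directives[name] = tokens.slice(1);
  }
  return directives;
}

function framingPolicy(headers) {
  const csp = headers['content-security-policy'];
  if (csp) {
    const ancestors = parseCsp(csp)['frame-ancestors'];
    if (ancestors) {
      // Browsers that understand CSP ignore X-Frame-Options when
      // frame-ancestors is present, so this directive decides the answer.
      const sources = ancestors.map((s) => s.toLowerCase());
      if (sources.includes('*') || sources.includes('http:') || sources.includes('https:')) {
        return { frameable: true, reason: 'frame-ancestors allows any origin' };
      }
      if (sources.length === 0 || sources.includes("'none'")) {
        return { frameable: false, reason: 'frame-ancestors forbids all framing' };
      }
      return { frameable: false, reason: `frame-ancestors restricted to: ${sources.join(' ')}` };
    }
  }
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { frameable: false, reason: `X-Frame-Options: ${xfo}` };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    // ALLOW-FROM is obsolete; current browsers ignore it and frame the page.
    return { frameable: true, reason: 'X-Frame-Options ALLOW-FROM is ignored by current browsers' };
  }
  return { frameable: true, reason: 'no framing restriction header' };
}

// Constructed sample responses (not captured from any real site).
const SAMPLE_RESPONSES = {
  hardened: {
    'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
    'x-frame-options': 'DENY',
  },
  legacyOnly: { 'x-frame-options': 'sameorigin' },
  // An embeddable widget page: nothing stops another origin from framing it.
  openWidget: { 'content-type': 'text/html' },
  permissiveCsp: { 'content-security-policy': 'frame-ancestors *' },
};

function auditAll(samples = SAMPLE_RESPONSES) {
  const report = {};
  for (const [name, headers] of Object.entries(samples)) {
    report[name] = framingPolicy(headers);
  }
  return report;
}

console.log(JSON.stringify(auditAll(), null, 2));
```

Pages that report `frameable: true` are candidates for an overlay attack; for a page that must stay embeddable (a Like button or any other cross-site widget), the remaining options are a confirmation dialog, as the article suggests, or a visibility check before the click is honoured.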

Users should carefully review their wall posts if they were tempted by and clicked through one of these scams. Reviewing installed Facebook applications periodically is also a smart idea to defend against many of the ways users are victimized on Facebook.

For step-by-step instructions on how to secure your Facebook account and keep your information safe, read Sophos's recommendations for Facebook settings.
