Likejacking

Likejacking is a method to induce visitors or members of the social network Facebook to unintentionally carry out a "Like" action by clicking on a (possibly hidden) button. As a result of this action, a status message is issued on Facebook and a page is posted under the "Like" category at the same time. The term likejacking comes from a comment by Corey Ballou in the article How to "Like" Anything on the Web (Safely) . Put simply, likejacking is a phishing variant for Facebook.

Likejacking process

The "Like" button usually follows the mouse pointer in a hidden manner, so that the user triggers the "Like" action with the first click. If the user is already logged in to Facebook with his browser , the "Like" status is displayed immediately after the wrong click in the user's profile. Otherwise, the click leads to the Facebook login screen, which prompts you to log in. The user's status display, which has been changed by likejacking, can in turn prompt his friends to also click this link, which means that the fraud spreads further in the sense of a pyramid scheme.

hazards

The danger of likejacking is that visitors can be lured to a website with dangerous content that exploits security gaps in the browser. As with classic phishing, this can lead to anything from spying on personal data to the loss of an account.

protection

Likejacking can be completely prevented with the Adblock Plus browser extension . To do this, the blocking http://www.facebook.com/plugins/like.php?*rule must be added.
However, this also prevents intended “Like” actions on third-party sites, “Like” actions on Facebook itself are not affected.

Individual evidence

↑ Richard Cohen: Facebook Work - "Likejacking" ( Memento of the original from June 4, 2010 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. May 31, 2010, on: Sophos . @1@ 2
↑ Corey Ballou: "Likejacking" Term Catches On. ( Memento of the original from June 5, 2010 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. February 6, 2010 on: jqueryin.com @1@ 2
↑ Sarah Perez, "Likejacking" Takes Off on Facebook. ( Memento of the original from August 16, 2011 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. February 6, 2010 on: readwriteweb.com @1@ 2
↑ David Müller: How to get “Likes” on Facebook March 5, 2011 at: d-mueller.de
^ Daniel Bachfeld: Clickjacking for social networks: Likejacking. February 6, 2010 on heise.de .

[1] Richard Cohen: Facebook Work - "Likejacking" ( Memento of the original from June 4, 2010 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. May 31, 2010, on: Sophos . @1@ 2

[2] Corey Ballou: "Likejacking" Term Catches On. ( Memento of the original from June 5, 2010 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. February 6, 2010 on: jqueryin.com @1@ 2

[3] Sarah Perez, "Likejacking" Takes Off on Facebook. ( Memento of the original from August 16, 2011 in the Internet Archive ) Info: The archive link was automatically inserted and not yet checked. Please check the original and archive link according to the instructions and then remove this notice. February 6, 2010 on: readwriteweb.com @1@ 2

[4] David Müller: How to get “Likes” on Facebook March 5, 2011 at: d-mueller.de

[5] Daniel Bachfeld: Clickjacking for social networks: Likejacking. February 6, 2010 on heise.de .