The Latest in IT Security

An interesting ClipJack

27 Jun 2011

Hi folks,

So, the most common thing that we see nearly every day is some form of ClipJacking on Facebook. Some folks call it ClickJacking, because the victim clicks on some button, and the web page intercepts the click and directs it somewhere else. Some folks call it LikeJacking, because it always tells all your Facebook friends that you Liked the video, even though you probably didn't even see the video, and almost certainly did not click the Like button. We call it ClipJacking, largely because it always seems to involve a video clip, and besides, it's a funny name.

Usually, the clip offers something naughty or prurient, which usually embarrasses the victim, and often ends up costing them $10 a month on their cell phone bill.

Anyway, whatever you call it, it's _really_ common. The perps are obviously making good money at it.

What's different today is that it now works on iPhone, and therefore probably iPod and iPad. Here's a screen cap of an iPhone getting nailed…

[Screenshot: Fb1]

It works like this. One of your FB friends "Likes" the vid, which asks the question "What is this?" and offers a still-shot of what appears to be a female's private part. If you click the link, you are taken to a blogger page with the above video link. If you click the play button, you get an error that looks like this …

[Screenshot: Fb2]

Again, you never get to see the video, but all your friends get told that you did, and you Liked it! Given that your friends may include a spouse, or children, or parents, that might sting a bit. Not only that, but there are now companies collecting everyone's status updates, and then providing that information as part of background checks, when, for example, you apply for a job. That might sting a bit too.

So what can you do? Well, one good plan is to avoid Facebook videos that offer dodgy content, or astonishing content. Remember, if it sounds too good to be true, or too amazing to be true, guess what? It's probably not true.

We've known, for some time, that these things work on Safari on OSX, but have not noticed them working on iOS. I guess that's progress. I guess.

It's a tricky Web out there. Keep safe folks.

Roger