Publishers of technology books, eBooks, and videos for creative people

This chapter is from the book

Clickjacking 101

One kind of spam-generating scam that’s spread rapidly on Facebook in recent months is clickjacking. Clickjacking is a way of tricking you into clicking on something you didn’t really mean to click on, by using malicious code to create an invisible button or link that’s hidden underneath other content. Simply put, you think you’re clicking on something innocuous, but instead you wind up clicking on the hidden link or button, which then triggers an action you didn’t mean to take.

On Facebook, the form this takes has been dubbed Likejacking, because the object of the scam is to get you to click a hidden Like button, sending out a News Feed story saying that you Liked a Page or a link that you haven’t, in fact, Liked. When your friends see the story in their News Feed, they click on it too, and the whole thing perpetuates itself virally.

Here’s an example of how it works: You click on a posting on someone’s Wall, and it takes you to a website where you’re encouraged to click on a button to play a video clip (usually something sensational like “OMG LADY FINDS BABY ALLIGATOR IN HER HAPPY MEAL BOX!!! CLICK TO WATCH VIDEO!!!!”). But when you click what appears to be the Play button, instead of playing the video, your click is actually recorded as Liking a bogus Page.

The best precautions you can take to fight the clickjackers are the obvious ones:

  • Keep a close eye on your Wall and immediately delete any postings that don’t belong there.
  • Be careful about clicking on links to external websites, and clicking on links you find on sites you’re not familiar with.
  • Distrust any messages that contain excessive capital letters and multiple exclamation marks (this is a good rule for life in general).

For those who want a stronger level of protection, there’s one other step you can take. If you use Firefox as your web browser, you can add a free extension called NoScript that prevents any scripts from being executed without your consent. Because clickjacking depends on the use of scripts, this effectively protects you from getting clickjacked—unless you relax your guard and enable the wrong site. (The downside, of course, is that you’ll spend a lot of time tediously approving the sites you visit that aren’t malicious, but security always comes at a cost.) You can find NoScript at
