Facebook has a ton of apps. Some are great for sharing what music you are listening to, or seeing what articles your friends are reading, or for playing games. Then there are those apps that promise to show you something really cute or shocking, if you would just click on the button on this page.
If you clicked, you’ve likely just been clickjacked.
Clickjacking scams have been around for a few years, and though they’re not as prominent as before, it’s always good to understand how they work so that you do not fall for them.
How It Works
Clickjacking occurs when the scammer places an invisible button over an innocent-looking page displaying fuzzy kittens or some news article. When you click on the page, you actually click that transparent element, which is linked to something else you didn’t expect.
For instance, you may see a page with a movie embedded on it. You want to watch the movie, so you click on the play button. However, the scammer has superimposed an invisible page over the movie, so that when you click on play, you actually click on a button granting access to your camera and microphone. You think you’re watching the movie, but you’re actually permitting the scammer to access the camera and microphone on your computer.
You may discover the page tricked you into changing privacy settings on your Facebook account, “liking” something you wouldn’t normally “like,” adding yourself as a Twitter follower for someone you don’t know, or even enabling something on your computer such as a microphone or camera.
You think you are clicking on one thing (a link to see pictures of cats), but the scammers are using frames and transparent elements to load pages and buttons that lead to something else.
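As an added example (not part of the original article, and not how NoScript or any browser implements its protection), the JavaScript below scans a page's markup for the pattern described above: a frame made nearly transparent that can still receive clicks. The 0.1 opacity threshold, the function names and the sample markup are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan of page markup for invisible-but-clickable frames.
// Threshold, function names and sample markup are assumptions made for illustration.
const OPACITY_THRESHOLD = 0.1; // assumed cut-off for "effectively invisible"

// Turn an inline style string ("a: b; c: d") into a lowercase property map.
function parseStyle(style) {
  const props = {};
  for (const decl of style.split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) props[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return props;
}

// CSS opacity may be a number ("0.05") or a percentage ("5%"); returns 1 when unset.
function parseOpacity(value) {
  if (value === undefined) return 1;
  const n = parseFloat(value);
  if (Number.isNaN(n)) return 1;
  return value.endsWith('%') ? n / 100 : n;
}

// Report each <iframe> that is nearly transparent yet can still receive clicks.
function findHiddenFrames(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const styleAttr = tag.match(/\sstyle\s*=\s*(["'])(.*?)\1/is);
    const srcAttr = tag.match(/\ssrc\s*=\s*(["'])(.*?)\1/is);
    const css = parseStyle(styleAttr ? styleAttr[2] : '');
    const opacity = parseOpacity(css.opacity);
    // Frames hidden with display/visibility/pointer-events cannot be clicked, so skip them.
    const clickable = css['pointer-events'] !== 'none' &&
      css.visibility !== 'hidden' && css.display !== 'none';
    if (opacity <= OPACITY_THRESHOLD && clickable) {
      findings.push({
        src: srcAttr ? srcAttr[2] : null,
        opacity,
        overlaid: css.position === 'absolute' || css.position === 'fixed',
      });
    }
  }
  return findings;
}

// Constructed sample: a visible video frame, a transparent frame laid over it, an inert one.
const SAMPLE_PAGE = `
<iframe src="https://video.example/embed/1" style="width:400px;height:300px"></iframe>
<iframe src="https://social.example/widget" style="position:absolute;top:0;left:0;opacity:0"></iframe>
<iframe src="https://ads.example/pixel" style="opacity:0; pointer-events:none"></iframe>`;

console.log(findHiddenFrames(SAMPLE_PAGE));
```

The scan reads inline styles only; a frame hidden through a stylesheet or a script would need a check against the rendered page.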
How You Can Prevent Your Clicks From Being Clickjacked
Update your Internet browser and plug-ins such as Flash. Many older browsers and plug-ins are vulnerable to clickjacking, so updating will give you some protection. If you use the Firefox Web browser, you can also download clickjacking detection and prevention plug-ins such as NoScript.
The thing about a clickjacking attack is that there isn’t any foolproof way of detecting when it is happening to you. Keep your software and plug-ins updated, and don’t be so quick to click on links or apps on Facebook, even if they appear to be coming from your friends.