First we had phishing, then smishing and vishing. Now we have clickjacking and likejacking to worry about! In a Press Release last month, the Washington State Attorney General’s Office announced a settlement—a consent decree—with the owners of a California-based online marketing company. The Washington Attorney General Rob McKenna stated, “Today’s settlement puts a stop to Adscend’s ‘likejacking’ and other misleading tactics that led Facebook users to fork over personal information or buy subscription services from sites that appeared to be recommended by friends” and earning up to $1.2 million per month doing it.
As part of the settlement, Adscend and its co-owners agreed to properly monitor its CPA (cost-per-action) affiliate network and make clear that any distributed messages in the future come from an affiliate earning sales commission.
Facebook also filed suit against Adscend, but dropped the suit after Adscend settled with the Washington State Attorney General.
So just what is clickjacking? According to Wikipedia, it is a malicious technique of tricking web users into clicking on something different than what they thought they were clicking on.
Here is an example of how it works. Someone receives an email with a link to a video news story, but a transparent product page can be “hidden” on top or underneath the “PLAY” button of the news video, so when the user tries to play the video, he/she actually buys a product or is taken to an unseen Web site that may contain malicious code.
Wikipedia defines likejacking as the malicious technique of tricking users of a website into posting a Facebook status update for a site they did not intentionally mean to “like.” The lawsuit alleges Adscend’s affiliates initiated posts to Facebook pages that appeared to offer visitors an opportunity to view scandalous or provocative content. Some recent examples of such posts include “This Guy Took a Picture Of His Face Every Day for 8 Years,” “Lady Gaga Found Dead in Hotel Room,” “This is What Happened to His Ex-Girlfriend.”
According to web security company Sophos Labs, if you click on such a link, you’re taken to a page that says “Click the Like Button.” When you click the Like Button, you are inadvertently spreading the sales pitches to friends thereby generating traffic to a business. Companies like Adscend are paid by advertisers to drive traffic to their sites. There is usually some kind of survey or short form they ask you to fill out before you can view the content and in that way the business gains information about you.
How can you prevent clickjacking and likejacking? There are some commercial products and one free add-on that will prevent you from clicking on invisible page elements. Also, the major web browser companies are starting to build-in preventive measures.
For more information you can trust, visit www.evansville.bbb.org.