Matt invited us to a Facebook party last week, something along the lines of “CLICK HERE FOR A FREE IPAD~!” Now, I knew this was malware-related because I know Matt knows I wouldn’t want an iPad—free or otherwise. Clearly something smelled fishy here. The point is, even so-called techies can be the victim of malware. There’s a new clickjacking scam going around Facebook right now that, while not malicious right now, could well mutate into something not very nice with the flick of a switch.
“Clickjacking”? Basically, you click a link and it takes you to a different site, or delivers you to different content, than you expected. So, you click a link that says “WATCH THE WORLD CUP IN HD CLICK HERE” and all of a sudden you wind up on some hacker’s server inadvertently downloading a malicious payload.
Other subjects to be wary of include “JUSTIN BIEBERS PHONE NUMBER” (who the hell would want that, by the way?) and “NUDE PICS OF PARAMORES HAYLEY WILLIAMS” (which aren’t hard to find at all). Seriously, if you can’t find these photos you might as well admit you have no idea how to use the Internet. They’re everywhere.
As the scam exists today on Facebook, the only thing that happens when you click these links is that it adds the site to your “liked” list without your knowledge or express consent. (Shocker: another Facebook security glitch.) Again, that’s how it works today. Who’s to say that, come tomorrow, the scam won’t start sending you to virus-filled Web sites?
If I’ve said it once I’ve said it one million times: do not click random nonsense while on the Internet. You really do need to assume that everyone out there is out to get you, and that you need to be on guard every single minute you’re online.
Firefox users can do a few things to keep extra safe. One is to install AdBlock Plus. Yes, there’s a certain moral “wrongness” to using AdBlock, but there have been cases where popular Web sites (Drudge, ESPN) have served up malware-laden ads. Block those ads before they even reach your browser. You may also want to install NoScript, which turns on and off JavaScript, Flash, and other nonsense Web technologies that are about as secure as [something not secure]. (Sorry, couldn’t think of a way to finish that simile.) You can, of course, add exceptions for sites you “trust,” like Gmail or whatever.
Bottom line: just be alert while online.