Facebook scams have always been a problem on the social network, and just like email spam, no matter what improvements the company makes, scammers and spammers always find a new way to cause problems. Now, we can finally gauge how big of an issue this really is: security company Symantec recently set out to analyze likejacking attacks on Facebook.
Using a sample of 3.5 million posts with videos on August 2, Symantec found that up to 15 percent of unique posts were identified as likejacking attacks. Of course this number is skewed because most posts on Facebook aren't videos, but it still gives a general idea of what Palo Alto needs to do in order to compete with YouTube.
For those who don't know, likejacking is a play on the term clickjacking, which means asking a victim to click something while a different action is taken behind the scenes. Likejacking specifically refers to a victim clicking on something only to have some piece of content Liked, without their knowledge, in the background. This typically occurs with a fake video player window overlayed with a hidden iframe; actually clicking on it anywhere submits a Like, promoting the scam in question to your Facebook friends.
Likejacking can be embarrassing because of the content posted to your Wall. It can also be annoying because of how quickly a given scam can go viral. Worst of all though, they can be used by scammers to infect PCs with malware or steal online account information.
Symantec of course did this quick analysis in order to promote its own product. Norton Safe Web is a free Facebook app that scans News Feeds and identifies URLs containing security risks, such as phishing sites, malicious downloads, and links to unsafe external sites. To protect against likejacking, detections are displayed as part of the scan report and posted to the user's Wall so their friends are warned against clicking on the link.
I'd like to see Symantec analyze a month's worth of Facebook posts, which are not limited to just videos. The number would of course be much lower than 15 percent, but I think a breakdown of what type of spam and scams are proliferating on the social network would be useful information.
- Three weeks later, Facebook has paid $40,000 in security bug bounties
- Facebook launches security bug bounty program
- Security experts have mixed feelings about Facebook's privacy revamp
- Facebook testing two new mobile security features
- Facebook improves safety, security tools; experts not impressed
- Facebook CEO Mark Zuckerberg: spamming apps are lame