Clickjacking is the most common technique used by hackers to infect the target and spread the attack further, i.e the attacker tricks the user into revealing confidential information and other account details required to spread the attack further.

Clickjacking is basically a malicious script attack, also known as UI Redressing which takes over the links displayed in the Internet browser for various web pages. When this happens, the user is taken to a site which is unintended when he tries to lick on that link.

In other words, clickjacking is an embedded script or code which can click on a button that appears to perform another function, without the user’s knowledge.

Sometimes a user is unaware of what has just happened or in some case; a user can immediately detect it. There are a few things which everyone ought to be aware of this menace that can create havoc.

#1. Clickjacking happens when a website is embedded with a malicious program. This program hovers under the unaware user’s mouse, and if the user clicks the mouse on a page or link, a new web site appears or downloading of software takes place.

#2. It’s a malicious script which can virtually run on any website without the owner being aware or having the ability to stop it. These attacks have been a significant cause of concern for many big companies and major websites like Facebook.

#3. Making the user believe that he is on the company website, clickjacking can create a mirror site and collect personal information.

#4. Except for very few browsers which are not based on graphics are immune from the clickjacking software.

#5. Clickjacking can steal private data, like social security numbers, credit card and bank information.

#6. This malicious script can work without the knowledge of the user, install several software applications in a computer. They could be harmful viruses, adware or software which is more so dangerous to the machine.

#7. A new clickjacking script has been disclosed which can be used to spy on your webcam and microphone in Adobe’s Flash software. Adobe’s Flash software is vulnerable as it enables the clickjacking to gain access to the user’s microphone and webcam.

While the user visits a web page, unknown to him, the target application waits invisible and loaded while it floats the unseen allow button. When the user clicks on the flash button, the hidden “allow” button receives your click.

The Flash application is now accessed with full permission and may even stream from your microphone and webcam to a server for recording.

The “Facebook like” feature is designed by Facebook so that web developers can place the code on any webpage they want to. Like button helps in quick sharing of the webpage you are reading with your friends.

Not only is it easy to use, but it is also easy to abuse in clickjacking attack.

The Scammer will just create a webpage containing some attractive tile such as “SHOCKING Hidden Message In The Google Logo!” and a like button and some script.

The scammer will then ask you to “like” the page and will also demand you to share the page on your friend’s wall to expose the secret message, he just used you as a spammer and successfully carried out clickjacking attack.

You might also like: How to hack Facebook password

Table of Contents

How to Recognize a Clickjacking attack?

The first clue that there is something awry with the site is its URL, which indicates it provides “free Facebook layouts.” Then, the page traps visitors with some fancy Javascript so that they cannot scroll down or leave the page without “taking a quiz.”

Even further, the page tries to scare visitors with a pop-up that says “We have been receiving a lot of spambot traffic from an IP Address Similar to yours. Please complete a quiz to unlock the page”. This is a typical social engineering scare tactic popular with text messaging scams.

How to protect yourself from Clickjacking attack?

Many Security software Internet companies and browsers are working on how to counter and combat this malicious script attack.

Some suggest that the best way to counter clickjacking is to install the NoScript browser addon and by allowing only sites you trust to run active content.

How do Scammers Benefit from Clickjacking attacks?

The only goal of Scammers is to make money. Clicking any of the links in the above-discussed Clickjacking attacks sends a request to affiliate programs, most likely collecting clicks for a CPA (cost-per-action) program.

These requests happen so fast that the user would have no idea when and how other sites were being contacted.

Examples of clickjacking Scams:

1. “My total facebook profile views – Survey Scam

A new Survey Scam is spreading virally across Facebook and already thousands of people have been Scammed. The New SPAM claims to unveil your total facebook profile views by following few steps.

The Scammers are using Facebook applications to post spam messages onto the user’s profiles.

Again I want to make it very clear that there is No way you can find “you total facebook profile views” or “who viewed your Profile”.

Still, people are very curious to know these things and while doing these stupid things you are totally unaware of risks involved.

Lets see how this SPAM works:

At first, you will probably see a status update on your friends wall saying he has found out his total facebook views and the number XXX will be displayed beside that. along with this, there will be another link to the Scammers application that says “Find out your total profile views [LINK]”. The Link points to rogue applications which trick you into allowing them to access your Facebook page and profile details.

When you click on that Link you will be directed to a Facebook application which will request you for Permissions. As soon as you click on “allow”, the app will automatically post Status Updates on your wall which can be seen by your Facebook friends.

ClickJacking Attack: Things you must know

After you allow the app to access your profile and post to your Facebook page then you’ll next be taken to the web page which claims it will calculate the number of people who have viewed your profile. But first, they want you to complete a survey.

Here comes the intention of these Spammers. They are just doing their job of making money by tricking people. How? The scammers make money every time one of these surveys is completed.

How to disable this clickjacking fraud in your account?

If you’ve been affected by this scam, you should First remove the Status Updates by this App. The Next step is to remove this App from Accessing your Facebook Profile. To do so Goto Account >> Privacy Settings and Scroll down. Click edit option in the “Apps and Websites” area.

Direct link: http://www.facebook.com/settings/?tab=applications

Here you will see all the applications that can access your personal data and have rights to post on your wall. You can click on the App to find more information about it.

Click “Remove” and Now you can remove the App you want. In this case, the App will The apps are sorted according to the date when they were added. So the Spammers app that we are discussing now will be at at the Top.

2. “Find Your Stalker” – New Facebook Clickjacking fraud

Its Human Nature, we are unknowingly Tempted to check out sexy looking Stuff.

Scammers are using simple social engineering techniques to get hold your Facebook account and Promote their Products.

This time that Scammers have more Powerfull Facebook clickjacking fraud. Now we have seen clickjacking fraud that could update your status and post the same scam link to your friends Wall automatically. But this Spam is different, it also tags random friends from your Friends list and checks them as your top stalkers.

Just Observe the Screenshot below. if you happen to see a message like the following posted on your wall by one of your Facebook friend’s, don’t click on the link.

If you do make the mistake of clicking on the link – perhaps out of morbid curiosity to see your Stalkers – you will be Redirected to a page that claims You are about to find out who spends excessive time with your Photos, reading your old Post and blah blah.

They will ask you to Run Some Script on your Facebook Homepage. Once you Run the JavaScript, the evil javascript script will start his work and within minutes, it will flood your friend’s wall and your wall with the same Spam.

This is a typical clickjacking Scam.

How Do I Protect Myself In Future?

Use Best Internet Security Software and If you are using Firefox, then do Add NoScript Plugin to your Firefox Browser. NoScript Allows active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks.

3. “Get 5000 likes in your Status” – Facebook Clickjacking scam

Not everyone gets hundreds of likes on their Facebook status posts. Some smart programmers have developed a script that can get any of your Facebook post (status, photo or video) loads of likes just in a few seconds. Yes, It’s true the script was leaked a long time back.

But the Scammers have used this script to spread SPAM for their own benefits. In this clickjacking fraud, you will surely get some hundreds of likes to your respective status post but at the same time, you will be posting this SPAM message: “Get 5000 likes in your Status! [URL]” to all the groups you are a member of. Thus Spreading this clickjacking fraud further.

The Scammers have actually used Two Scripts to trap you:

1) Facebook app to Auto-Post to all the groups (you are a member of).
2) Facebook Auto-liker app Script.

here’s the actual SPAM post in Facebook groups:

When a user clicks the [link] provided in the SPAM Post, he will be redirected to a Page that will ask you to complete few steps, which involves getting the token code by allowing their Facebook app to access your Facebook profile data.

Here’s how it looks:

(Click to Enlarge)

Once the user clicks “get token” Button, he will see a Pop-up asking to Allow a particular Facebook app (app to Auto Post to all the groups).

Once you give all the permissions to their App, They can post any Message anywhere, on behalf of you. The moment you realize this, you have already posted the message saying: “Get 5000 likes in your Status! [URL]” to all the groups you belong to.

Next, you will be asked to input token code and after submitting token code, you will be able to input “status ID” for which you want loads of likes. And yes you will get loads of likes as promised, but the untold truth is, you just became another spammer spreading clickjacking fraud.

How am I promoting this fraud?

Once you share their post at all the groups, the group members will obviously click on the [link] provided and in turn will become a victim by promoting it further. In this course, the SPAM developers are making money by monetizing Advertisements (which are normally making money with Viagra ads) and you are the one who is getting scammed as well as acting Spammer.

How do I get rid of this clickjacking scam? (Get 5000 likes in your Status!)

If you are a victim of this SPAM, don’t worry just GOTO “App Settings” on facebook and look for the recent apps that you have given permissions to and remove all of them.

URL: http://www.facebook.com/settings/?tab=applications

The scammers are using several dozens of Apps namely: CityVille, Xperia, Twitter, and other genuine looking Names. So observe them carefully and remove them.

4. “Revolving Images” inside Facebook – Clickjacking spam

There are some websites like (Do not try that Script) which are promising to rotate the images on your Facebook profile and Yes it is possible but along with this, they are also promoting Facebook status SPAM.

When you try that JAVA Script, you will see the images rotating and the worst part is you will automatically post this Website link to all your friends Wall. When you copy paste that Script in your address bar and hit enter. the current script basically attaches the external script to your current page which eventually makes the browser run that script.

Below is the Screenshot of the Spam:

Alert JAVA Script of Revolving Images is spreading Facebook status SPAM

How do I get Rid of this ‘Revolving Images’ Script?

If you are already infected then this Script might be posting automatic Status updates on your wall after particular Time Gap. to Stop this Just clear your Browsers “Cookies and cache”

5. Facebook virus “Koobface” uses clickjacking attack to spread through messenger

A couple of weeks ago I received a message from my friend asking me to check out some links which actually redirects you to some malicious website.

At first, I thought this guy is playing around with a keylogger. But after that, I have been getting this kind of messages every day. then I realized this is another Facebook clickjacking spam.

The best part of this Virus is, when you click on the link in the message, the virus automatically creates a group of your friends and sends them a copy of the message from you. Yesterday accidentally I clicked on the link and thank god my all-time favourite AVG internet Security saved me.

Below is a Screen snap of a message. The link in the message disguise a Trojan worm and should not be clicked.

If you’ve received a message like that through Facebook messages, you may have been exposed to the serious “Koobface” virus. Once the URL is clicked, “Koobface” prompts you to update your Flash player. Therein lies the virus, cloaked in a “flash_player.exe” file.

According to the Kaspersky Lab, an antivirus organization working closely with Facebook, “Koobface” transform victim machines into zombie computers to form botnets.

How does it work?

When you click on the link in the message, the “Koobface” gets in the action. Then it finds the appropriate Facebook cookie and it modifies the users account settings and profile – Sending messages containing links to malicious sites to trick your friends into installing the invader.