eBrandz Blog

False ‘bait’ page trick Facebook users into ‘clickjacking’

‘Clickjacking’ has emerged as a point of worry for Facebook. The world’s popular networking site, dealing with the hassles of spam, privacy and censorship issues, has allegedly suffered at the hands of a company based in Delaware that it claimed to have  reaped more than $1 milion a month by employing bogus pages hosted on the social network to coax users away to other sites.

The practice is also called ‘likejacking’ because gullible victims are lured into clicking the ‘like’ button on Facebook to perpetuate it. Facebook’s case has been backed by the US state of Washington in suing the accused firm of ‘clickjacking’ charges. According to the plaintiffs, Adscend Media has been making money from the rampant scam tricking a host of advertising clients for each Facebook user, who gets misdirected to a target ad or some subscription service.

As media reports suggest, it is probably the first time ever that any state government has approached legal authorities in a stiff crackdown against spam spread via social sites like Facebook.  The Washington attorney general senior counsel Paula Selis underlines the significance of this step to move the federal court through two separate albeit similar claims that have been filed both by the state and Facebook.

According to Selis, clickjacking had become more pervasive, and millions of users had probably suffered from Adscend’s spam. Facebook’s general counsel Ted Ullyot added that security is akin to an arms race so it’s important to stay ahead of scammers and spammers. Both have accused Adscend of blatantly violating federal and state statutes that outlaw any deceptive or misleading commercial electronic communications as well as unfair business practices.

The separate lawsuit point out that Facebook pages devised as ‘bait’, disseminated as harmless posts to social network users, seemingly originating from friends, entice people to view provocative or salacious content. To do so, they first need to follow a series of steps that supposedly reveal the tempting content, actually designed so as to lure users to other websites, where they are prompted to divulge personal information or sign up for mobile subscription services.

They are tricked into ‘Liking’ the Facebook ‘bait’ page that alerts other friends to the particular page’s existence, helping to propagate it. Then they’re informed they can’t access the content unless they fill out a form for an advertising offer or online survey.
In one real-life example cited, the ‘Like’ button was overlayed with a link labeled: ‘This man took a picture of his face every day for 8 years!’

Here the promised content obviously does not exist. The user out of curiosity is diverted through a series of fake prompts taking them away from Facebook – to a string of ads and subscription offers. In some instances, a hidden code is embedded in a link on these ‘bait’ page that activates the ‘Like’ button without even one clicking it, sending it by default to friends’ news feeds. Rob McKenna, the Washington state attorney general, stated the state was going to take action against cyber fraud by developing legal and technological expertise.