May 31, 2011 12:33 GMT

A new viral likejacking scam currently making the rounds on Facebook is luring users with an alleged video of the world's funniest condom commercial.

The messages posted by victims on their walls read: "The World Funniest Condom Commercial - LOL [link] haha its really so funny ~ Dont Miss it !"

The spammed link leads users to a page hosted on blogspot.com which displays a YouTube video player.

However, pressing the play button is a very bad idea, because in the background, the user's click is hijacked and used to Like and Share the page on their wall.

This is achieved through a technique called clickjacking, or user interface redressing, which involves making a button transparent and overlaying it on top of another innocuous-looking one.

In this case, the Facebook Like button is hidden and positioned over the play button, so the user has no idea what they are actually clicking on.
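A static check for the overlay pattern described above, as an added example that is not part of the original article: it flags Facebook Like plugin iframes that are made invisible by their own inline style or by an ancestor's. The sample HTML, the opacity threshold and all function names are assumptions constructed for illustration, and styles applied through external CSS or script are not seen by this check.

```python
import re
from html.parser import HTMLParser

LIKE_PLUGIN = re.compile(r"facebook\.com/plugins/like\.php", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}
MAX_OPACITY = 0.1  # assumption: at or below this the element is effectively invisible
# Constructed sample: a hidden Like frame inside a player wrapper, then a visible one.
SAMPLE = """<div id="player"><img src="play.png"><div style="opacity:0">
<iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.invalid%2F"></iframe></div></div>
<iframe src="//www.facebook.com/plugins/like.php?href=http%3A%2F%2Fexample.org%2F" style="border:none"></iframe>"""

def is_hidden(style):
    """True if an inline style string makes the element invisible but still clickable."""
    props = {k.strip().lower(): v.strip().lower()
             for k, v in (d.split(":", 1) for d in style.split(";") if ":" in d)}
    try:
        if float(props.get("opacity", "1")) <= MAX_OPACITY:
            return True
    except ValueError:
        pass  # non-numeric opacity value, fall through to the legacy check
    # Legacy Internet Explorer syntax: filter: alpha(opacity=0)
    m = re.search(r"alpha\(\s*opacity\s*=\s*(\d+)", props.get("filter", ""))
    return bool(m) and int(m.group(1)) <= MAX_OPACITY * 100

class LikeOverlayScanner(HTMLParser):
    """Records Like-plugin iframes hidden by their own or an ancestor's inline style."""
    def __init__(self):
        super().__init__()
        self.open_tags = []  # (tag, hidden) for each open non-void element
        self.findings = []   # src of every hidden Like iframe

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hidden = is_hidden(a.get("style") or "") or any(h for _, h in self.open_tags)
        if tag == "iframe" and hidden and LIKE_PLUGIN.search(a.get("src") or ""):
            self.findings.append(a["src"])
        if tag not in VOID:
            self.open_tags.append((tag, hidden))

    def handle_endtag(self, tag):
        # Close the nearest matching open element and anything left open inside it.
        for i in reversed(range(len(self.open_tags))):
            if self.open_tags[i][0] == tag:
                del self.open_tags[i:]
                return

def find_hidden_like_frames(html):
    scanner = LikeOverlayScanner()
    scanner.feed(html)
    return scanner.findings
```
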

Because clickjacking is an abuse of legitimate programming techniques, otherwise required by websites to function properly, a solution for it is hard to find.

No browser currently has native clickjacking protection, but the Firefox NoScript extension provides a pretty accurate filter that is capable of detecting most such attacks.

Facebook has developed an anti-clickjacking solution of its own, in the form of a mechanism that is supposed to detect suspicious Like clicking patterns and prompt users for additional confirmation.

So far this protection mechanism has delivered few positive results. There is still a considerable delay before it kicks in, and by the time it does, the spammers have already reached their goal.

Users who have fallen victim to this scam are advised to remove the spam messages from their wall and to unlike the page by editing their profile settings, going to Activities and Interests > Show other pages, and removing it from the list.