Save yourself from Clickjacking and Likejacking



by Nazia Khan-Ahmed

Social media marketing has many advantages, but it has some negative aspects too. There are numerous activities through which many people get exploited. These include black hat exploits, hackers who hijack a site's web code and traffic and present it as if it were a Facebook page, and many other similar activities.

You may have been in a situation where you open a site and click a button, or a link to play a video, and nothing happens. It might seem that the link is unresponsive, so you click again. On the second or third click, the video or link starts to work. This is concerning.

Many people might not take it seriously, but if you are a professional marketer or web user it can be alarming, because it may be a clickjacking attempt.

What is clickjacking? Many of you might have this question in mind. You can find the answer, and ways of preventing it, below.


Know What Clickjacking and Likejacking Are

Clickjacking in general refers to redirecting a click away from its intended use to some malicious context or hidden action. For example, you click a link on a web page and, instead of the page you wanted, an unknown page that you did not wish to open appears on your screen. This is known as a clickjack. Another example is an invisible site-wide overlay that hijacks a user's first click and then uses it to open an ad or confirm a dialogue box that appears on your screen.

Another threat for users is likejacking. It is almost the same as clickjacking but has a more specific purpose: to force users to like a particular Facebook page. For this to work, the user must be logged in to their Facebook profile.

If you were to make the iframe visible, you would see something like a video player with two play locations, one in the center of the video and the other in the lower left corner. Both of these locations are covered by Facebook like buttons; in many other cases they might be covered by post share buttons. The user clicks the available button or link to play the video but does not see the malicious buttons hidden there. In this way the user unknowingly falls into the trap set up by the clickjackers or likejackers. As a result, the host that clicks on the hidden malicious link gets infected very easily.

How to Protect Yourself?

There are numerous ways to stay protected from the trap of clickjacking. Some of them are discussed below.


1: Review your likes

This is a great way to stay secure from clickjacking or likejacking. It lets you find out whether you have been a victim of these malicious sites in the past. You can follow a simple process to audit your likes.

First, log in to your Facebook profile and scroll down on your profile page. You will see a box on the left side of the page labelled “Likes”. Click on it. All the pages that you have liked in the past will appear here. You can now set them as you require, for example whether you like them or not, whether you follow them or not, or any related setting you want to select.


2: Review your apps

The process of auditing your apps is just the same as the process of auditing your likes.

To audit your apps, go to your Facebook page and click on the drop-down arrow in the upper right of your profile page. A menu will appear; click on settings. You will then see the “apps” option in the left sidebar of the same page. Click it. A list will appear that includes all the apps you have authorized to use your account.

At this point you can also edit an app's ability to post on your profile page on your behalf by customizing the viewership. You can set the viewership to everyone, friends only, yourself only, or a custom audience. You also have the option of removing a particular app, which restricts its ability to post on your behalf.

If you remove an app, a checkbox will appear that lets you remove all the posts made by that app from your timeline and history. If it is an app that you do not use or have not used previously, no change will appear.


3: Keep personal information hidden from non-friends

Hiding your personal information from users who are not your friends can be a safety step for you. In this way you can protect your profile page and your information effectively. You can make these changes from the settings menu: click on the privacy option in the sidebar of the page. From here you can choose which users your posts are displayed to. This can include personal information such as your name, email address, and phone number. In this way you can easily overcome the threat of malicious sites or clickjackers. It is a great step in protecting your personal information from others.


4: Never click on shady sites

This is a major trap that many people fall into very easily because of psychology and clickbait. Nowadays you may find many sites that look just like clickbait sites but are most probably spammy websites. For example, sites like Buzzfeed and Upworthy are two main examples of it. An important point here is that you must remain cautious whenever you see an unfamiliar type of link or site. In addition, there are numerous sites that may be new to you or that you have not heard of before. Many such sites are probably filled with spam content or coded by a third grader. In this case, I totally recommend that you do not click on these kinds of sites. It is the first safety step that you can follow. You should also avoid clicking on video links that appear on an unknown page rather than on an authentic social channel like YouTube. Otherwise you will surely be trapped and become a victim of the clickjackers.


5: Make good use of NoScript and AdBlock

To keep yourself safe from malicious content or sites, you can use two browser plug-ins: NoScript and AdBlock. These are ways to keep yourself protected from clickjackers.

There are numerous forms of AdBlock available nowadays, and they are easy to use. AdBlock Plus is an updated option and the most used by many people as well as marketers. You can also choose the uBlock Origin plugin, which is also well known. It is useful for blocking different types of spammy ads and scripts, and also helps you block any unwanted content on a site. Additionally, it supports whitelisting sites.

NoScript is a more general block-all-scripts browser extension that stops anything from running unless you want it to. It specifically covers JavaScript and Flash. If you want to view videos on the web, you will need to disable it temporarily. Even when the general filters are disabled, NoScript has a clickjack detector that always remains in working condition.


6: Keep your antivirus installed and updated

Whether you are a marketer, a web user or any common user, you cannot deny the importance of antivirus software and its role in controlling and protecting a computer from spammy items and virus attacks. Up-to-date antivirus software can help keep your data from falling into the hands of clickjackers, which could be disastrous for you.


7: Always log out of Facebook on the web

One important step you can take to overcome attacks by clickjackers is simply to log out of your Facebook account when you have finished using it. This is a simple but effective way to protect your data.


Make Use of a WordPress Security Plugin

As I previously mentioned to you, there are no such ways by which you can stop yourself from clicking on clickjacks. There are two main ways in which a site can be clickjacked: on-site and off-site. On-site clickjacking involves clickjacking code that has been inserted into a particular site. In off-site clickjacking, another domain loads your site in an iframe and then layers the clickjack on top of it. It may look like a hard one to get through. There are some options you can choose to secure your site against clickjacking.


1: Install security software

You must install security plugins, for example for WordPress or your CMS. If you have a famous brand or business running on Facebook, there is a greater chance of being trapped by this type of clickjacking. So it is important to keep your software updated to overcome the threat.


2: Keep your passwords safe

Changing your passwords on a timely basis is another great way to remain protected. To avoid possible threats, you must use strong passwords and keep them safe so that no one can guess them and then trap you by accessing your data.


3: Review your site for possible malicious code

Another way to remain protected is to audit your site so that you can find spammy links or malicious code. Otherwise it will lead to your site being removed from the Google index. You can also protect your accounts by checking the logs to confirm that they have not been accessed from any unknown location.
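
One way to start such an audit for the on-site case, as an added example that is not part of the original article: it scans page markup for iframes styled to be invisible, the pattern described earlier for likejacking. The opacity threshold, the function names and the sample markup are assumptions constructed for illustration, and only inline styles are inspected.

```javascript
// Added example: heuristic audit of page markup for invisible iframe overlays.
// The 0.1 opacity threshold and SAMPLE_HTML are constructed for illustration.

// Read one property from an inline style string, or null when absent.
function styleValue(style, prop) {
  const m = new RegExp('(?:^|;)\\s*' + prop + '\\s*:\\s*([^;]+)', 'i').exec(style);
  return m ? m[1].trim().toLowerCase() : null;
}

// Return one finding per <iframe> that is styled to be invisible.
function auditIframes(html) {
  const findings = [];
  const tagRe = /<iframe\b[^>]*>/gi;
  let tag;
  while ((tag = tagRe.exec(html)) !== null) {
    const src = (/\bsrc\s*=\s*["']([^"']*)["']/i.exec(tag[0]) || [])[1] || '';
    const style = (/\bstyle\s*=\s*["']([^"']*)["']/i.exec(tag[0]) || [])[1] || '';
    const opacity = styleValue(style, 'opacity');
    // Skip frames with no opacity rule or a clearly visible one.
    if (opacity === null || !(parseFloat(opacity) < 0.1)) continue;
    const reasons = ['near-zero opacity'];
    const position = styleValue(style, 'position');
    const zIndex = parseInt(styleValue(style, 'z-index') || '0', 10);
    if ((position === 'absolute' || position === 'fixed') && zIndex > 0) {
      reasons.push('layered above page content');
    }
    findings.push({ src, reasons });
  }
  return findings;
}

// Constructed sample: a normal video embed plus an invisible frame over it.
const SAMPLE_HTML = `
<div class="player">
  <iframe src="https://video.example/embed/123" width="640" height="360"></iframe>
  <iframe src="https://social.example/like-widget"
          style="position:absolute; top:150px; left:290px; opacity:0; z-index:10"></iframe>
</div>`;

console.log(auditIframes(SAMPLE_HTML));
```

A finding is a prompt for manual review, not proof of compromise; overlays styled from an external stylesheet or injected by script need a rendered-page check instead.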


4: Make use of a frame busting script

You can use a frame busting script to remain protected from clickjacks. A frame buster is a bit of code that you include on your website so that it can detect whether your site is being opened inside a frame. If it detects a frame, it forces the site to reload and puts the user on your actual site instead of the site with the frame. This makes it hard for clickjackers to implement their iframe hack in a real situation.
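
A minimal frame buster of the kind described above, as an added example that is not part of the original article: it hides the page while framed and tries to send the top window to the real URL. The function names and `fakeWindow`, a constructed stand-in that lets the logic run outside a browser, are assumptions.

```javascript
// Added example: frame buster written against a window-like object.

// True when the page is not the top-level document.
function isFramed(win) {
  return win.self !== win.top;
}

// Returns 'not-framed', 'busted' (top window sent to our URL) or 'hidden'.
function bustFrame(win) {
  const rootStyle = win.document.documentElement.style;
  if (!isFramed(win)) {
    rootStyle.visibility = 'visible';
    return 'not-framed';
  }
  // Hide first, so a transparent overlay has nothing to click through to.
  rootStyle.visibility = 'hidden';
  try {
    win.top.location = win.self.location.href;
    return 'busted';
  } catch (e) {
    // The framing page may forbid top navigation; the page stays hidden.
    return 'hidden';
  }
}

// Constructed stand-in for a browser window (assumption, for offline runs).
function fakeWindow(framed, allowTopNavigation) {
  const win = {
    location: { href: 'https://example.test/page' },
    document: { documentElement: { style: {} } },
  };
  win.self = win;
  const top = {};
  let topUrl = 'https://framing.example/';
  Object.defineProperty(top, 'location', {
    get: () => topUrl,
    set: (url) => {
      if (!allowTopNavigation) throw new Error('navigation refused');
      topUrl = url;
    },
  });
  win.top = framed ? top : win;
  return win;
}

// In a real page, run the check as soon as the script loads.
if (typeof window !== 'undefined') bustFrame(window);
```

Script-based frame busting can be bypassed by the framing page, so sites that control their response headers normally also send X-Frame-Options or a Content-Security-Policy frame-ancestors directive.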


About the Author 

Nazia Khan-Ahmed is a Social Media Writer who majored in Textile Designing. She also holds a Bachelor’s degree in Education and an English Language Certification. She finds it impossible to discuss herself in the third person but is doing so as per the demands of this bio. She is a home-maker and teaches Textile Designing to degree classes at the same time. Being nocturnal has taught her to manage her work at night and her home during the day.