Facebook’s New Feature, The “Like” Button, Is Being Used For Cyber Attacks

We all like Facebook.

Well, most of us do.


Even though it has been under attack the last couple of years by privacy advocates, the press, and the black hat hacker community, it is still a nice service.

There is no other way on the internet to easily be able to find people from your past.

There is really no need to go to a high school reunion when you are able to see the updates of people you went to school with everyday on Facebook.

So, even though I do not want to hop on the bandwagon and criticize Facebook, there is a real problem that must be addressed, several of them in fact.

I will take the time in this article to discuss one of the problems that have been introduced to the Facebook community.

This is a problem with the “Like” button that is being spread across the internet.

How The ‘Like’ Button Is Being Exploited

When people log onto Facebook, they are now seeing something that they haven’t in the past.

The “Like” button.

This button has been around for the past six months and users are just now getting accustomed to using it.

Facebook also expanded its use by letting web pages put up their own “Like” button on their sites.

This way, people are able to click on the button and tell their Facebook friends which web sites that they like.

Black hat hackers have taken this idea and made it part of a click jacking attack.

They somehow trick a person into giving them their Facebook credentials.

Once the credentials are had, they log into the account and make the “Like” buttons in the account point to a web page of their choosing.

Usually this web page is filled with ads from different places.

Unfortunately for the person’s friends in the account, they cannot see the ads because they have been made invisible.

All they see is part of the web page that looks intriguing.

They may click on a part of the page and unbeknown to them, they are actually clicking on an ad.

So the attacker was able to take over the account and trick some of the user’s friends to click on an ad on another web page.

How To Stop The Exploit From Working

There are a couple of ways that you can stop an attack like this from working.

The first step is that if you feel as if you gave your log in information to the wrong place, change your password immediately.

It is better to be safe than sorry in a situation like this.

Also, before you place your log in information inside of a web page, make sure that you are actually on a Facebook page.

Check the URL of the web site to be sure that you have not been tricked.

Keeping Facebook Safe

If you follow these rules then you will be sure to keep your account and the friends that you have on the account safer from click jacking attacks in the future.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. […] But you must be careful when giving your approval to a web site like that.If you are going to press the Like button for a web site that you are on, make sure that you really trust it. It does not make any sense to press the Like button on a web site that you have only visited for 5 […]

Speak Your Mind