Likejacking

Likejacking definition

Likejacking is a social engineering attack where attackers trick internet users into unknowingly "liking" a Facebook page or post. This attack exploits the "like" button feature on Facebook to spread malicious content or boost the popularity of certain pages or posts without the users' consent.

See also: Website spoofing

How likejacking works

Likejacking uses simple techniques to drive traffic to a Facebook page:

  1. Attackers create a website and hide Facebook "like" buttons on it. They use invisible frames (iframes), CSS tricks, or JavaScript to make these buttons invisible or appear as something else.
  2. The website displays exciting content, like a viral video or a very enticing offer. When users interact with the content by clicking the play button or a “Buy Now” CTA, they actually click on the hidden "like" button instead.
  3. Interacting with the website causes users to "like" a Facebook page or post without their knowledge. The users’ action then shows up on their Facebook profile and can be seen by their friends, potentially leading more people to visit the page.
  4. Because Facebook’s algorithm favors popular content, these unauthorized "likes" increase the visibility of the malicious content, causing it to spread further across the platform.
  5. Attackers use the increased visibility to spread malware, collect personal information, or drive traffic to certain pages for financial gain.
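
The hidden frames described in step 1 leave traces in a page's markup that a reviewer or crawler can check for. The following is an added example, not code from the original page: a static heuristic that flags iframes made invisible through inline styles. The 0.1 opacity threshold, the plugin URL pattern, and the sample markup are assumptions constructed for illustration, and the check does not see styles applied from stylesheets or scripts.

```python
import re
from html.parser import HTMLParser

# Assumption: URL fragment used here to recognise an embedded "like" widget.
LIKE_WIDGET = re.compile(r"facebook\.com/plugins/like", re.I)

def parse_style(style):
    """Turn an inline style string into a {property: value} dict."""
    props = {}
    for decl in style.split(";"):
        if ":" in decl:
            name, value = decl.split(":", 1)
            props[name.strip().lower()] = value.strip().lower()
    return props

def hidden_reasons(style):
    """List the inline-style signals that make a frame invisible yet clickable."""
    reasons = []
    try:
        if float(style.get("opacity", "1")) < 0.1:  # assumed threshold
            reasons.append("near-zero opacity")
    except ValueError:
        pass  # non-numeric opacity (e.g. a percentage) is not judged here
    if reasons and style.get("position") in ("absolute", "fixed"):
        reasons.append("positioned as overlay")
    return reasons

class FrameScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        reasons = hidden_reasons(parse_style(attr.get("style") or ""))
        if reasons:
            src = attr.get("src") or ""
            self.findings.append({"src": src, "reasons": reasons,
                                  "like_widget": bool(LIKE_WIDGET.search(src))})

def scan(html):
    """Return one finding per iframe that is hidden by its inline style."""
    scanner = FrameScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page: one transparent overlay frame, one ordinary embed.
SAMPLE = """<html><body><button id="play">Play video</button>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.test%2Fpage"
        style="opacity:0; position:absolute; top:0; left:0"></iframe>
<iframe src="https://video.example.test/embed/1" style="width:640px"></iframe>
</body></html>"""
```

Calling `scan(SAMPLE)` returns a single finding for the transparent frame; the visible video embed is not reported.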