Be careful what you click. A simple click on the web could mean money to someone — and trouble for you. “Clickjacking” is the latest trick scammers are using to find victims. By clicking a link on a seemingly safe web page, you could be activating a scam.
How it works:
It starts like most online phishing scams. You receive an email, social media message or text that directs you to a website. Scammers may claim to be from a major store chain, and say they are giving away a gift. They instruct you to go to a website and enter to win.
When you arrive at the site, everything looks normal. But scammers have hidden links and other content on the page. In addition to the content you can see, scammers have added an invisible layer.
You complete a form to “register,” thinking your click will enter you for a “free gift” or other special offer, but you are really activating a code. This code can do anything from placing an order with an online retailer to changing the settings on your computer.
This technique is also used to trick you into “liking” something on social media that you normally wouldn’t. This is called “likejacking.” For example, you might receive an attention-getting message: “You’ll never believe this shocking news about [insert popular celebrity],” for example. Just clicking to see what it is could activate a code which “likes” the webpage and publicizes the link on your newsfeed. The page itself could contain things like unsolicited pornography or malicious code.
Better Business Bureau has these tips for consumers to avoid a “clickjacking” or “likejacking” scam:
- Click with caution. Stay away from teasers for sensational videos and messages that require you to “click here” in order to see the full video or message.
- Update your computer. The newest versions of browsers have security updates that warn you of suspicious websites. Also, make sure you have antivirus software installed on your computer, and that it is up-to-date.
- Log out of websites. Many “clickjacking” scams take advantage of web users’ habit of staying logged into social media sites or popular online retailers. Make sure to always log out of any webpage you’re not using, and avoid selecting the tab “remember me” when signing in to a site. By staying logged on to multiple sites, it makes it that much easier for scammers to “like” or even buy something in your name.
- Don’t fall for fake sites. It’s easy to steal the colors, logos and headers of an established organization. Make sure to do your research to make sure that website is legitimate and not an imitation. Just because a site looks real, does not mean it is.
If you become a victim of internet fraud, USA.gov has a list of official government web resources to help direct you on the next steps to take.