Fresh 'likejacking' attack on Facebook, as revisions are made on page controllers

News by Dan Raywood

Facebook is now allowing the removal of a page creator by an appointed administrator.

Facebook is now allowing the removal of a page creator by an appointed administrator.

After it recently stepped up application development with developers now required to have an approved account on the social networking site before they can add applications, the original creator of Facebook pages can now be removed as an administrator by any of the other administrators of that page.

Nick O'Neill, writing on, commented that this was a serious issue for a number of companies who were looking to shift control of their pages from a third-party company to someone internal, as in some instances pages have been sold but administrators have remained.

O'Neill said: “Facebook pages have become the centre of Facebook marketing campaigns for small, medium and large businesses alike. Combined with Facebook ad campaigns, custom tabs and ongoing user-engagement, Facebook pages serve as a tool for building community, and often result in more loyal customers.

“While the ability to remove the original Facebook page administrators may seem like a small upgrade, it's a feature that many Facebook page owners have been asking for since pages first launched.”

The social networking site was also hit by a fresh 'clickjacking' attack over the last weekend.

Roger Thompson, chief research officer for AVG, warned of another ‘likejacking' campaign on Facebook, with the lure of a picture of actress Jessica Alba on a page of the ‘101 hottest women in the world'.

He said that if you decide that you would like to see the other 100, you have to click somewhere on the page, although there is nothing else to click other than to go back or close the browser, and no matter where you click, your Facebook page is updated to show that you ‘like' this page.

“All your friends then get to see that you ‘liked' this page, and perhaps will be encouraged to see for themselves. This is how these things spread. You then get to go through another aptitude test and the final result is that they want to automatically charge you $10 a month on your mobile phone for more aptitude tests,” said Thompson.

“This is very similar to a campaign they ran over the weekend, where the lure was ‘96 hottest women', so they either found five more, or they are just incrementing the numbers.”

Kaspersky Lab expert Christian Funk said: “Now, if thousands of people click on the link, this will generate a nice sum of money - definitely not enough to get rich, but still a lucrative auxiliary source of income.

“This method isn't very sophisticated nor is it new, but it's obviously still very effective, as these links are heavily spreading through Facebook. So will you click the next link you see on Facebook? Be careful and if it looks suspicious - just don't click.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews