Clickjacking - another way to get you to follow a malicious link - Facebook issue
Archive - Originally posted on "The Horse's Mouth" - 2011-03-29 16:24:16 - Graham Ellis
"A clickjacked page tricks a user into performing undesired actions by clicking on a concealed link. On a clickjacked page, the attackers show a set of dummy buttons, then load another page over it in a transparent layer. The users think that they are clicking the visible buttons, while they are actually performing actions on the hidden page." - Wikipedia - [here].
And - in English - there's a way of putting up a legitimate page (for something like a YouTube video) but then putting another button over the "play" button so it does something else. Rather like "skimming" with an ATM machine, where the crooks put another keypad over the real one, so that you think you're using the ATM but in reality you're [also] giving them personal information.
I clicked on a friend's link to a video in Facebook a few minutes ago, and it didn't work / play the video the first time. Hmm. Try again. But - wait - was this really the page I was on? It looks like I may have been caught here. See [here].
So - be warned / be careful what you click. And if you're caught (as I suspect I was) on Facebook, it's probably best to change your passwords and check your other settings without delay.
P.S. This ClickJack is viral ... it reposted itself in Facebook under my name ... and I have also deleted that onward post.
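The hidden-layer trick quoted above only works when the target page allows another site to load it in a frame. As an added example (not from the original post), this JavaScript checks a response's headers for the two standard anti-framing controls, X-Frame-Options and the CSP frame-ancestors directive; the function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit response headers for clickjacking (framing) protection.
// Header names and values are the standard ones; function names are hypothetical.

// Return the source list of the frame-ancestors directive, or null if absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

// Classify who may embed the page: "nobody", "same-origin", "listed" or "anyone".
function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforcing CSP header counts; the Report-Only variant blocks nothing.
  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // Browsers that support frame-ancestors use it in preference to X-Frame-Options.
    if (sources.length === 0 || sources.every((s) => s === "'none'")) return "nobody";
    if (sources.includes("*")) return "anyone";
    if (sources.every((s) => s === "'self'")) return "same-origin";
    return "listed"; // specific origins or schemes: review the list by hand
  }

  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return "nobody";
  if (xfo === "sameorigin") return "same-origin";
  // Missing, obsolete (ALLOW-FROM) or malformed values: count as unprotected.
  return "anyone";
}

// Constructed sample responses, not captured from any real site.
const samples = {
  "no headers": {},
  "legacy header": { "X-Frame-Options": "SAMEORIGIN" },
  "CSP wins over XFO": {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self' https://partner.example",
  },
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(`${label}: framable by ${framingPolicy(headers)}`);
}
```

A result of "anyone" means a third-party page could place the response in a transparent frame over its own buttons, which is the setup the quote describes.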