Facebook sues alleged clickjacking firm

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

Facebook sues alleged clickjacking firm

Facebook has launched a lawsuit against the owners of Adscend Media, alleging that they developed and encouraged others to spread spam using a variety of tactics – including clickjacking.

Facebook users are too painfully familiar with scams which trick them into completing online surveys or signing up for premium rate mobile phone services.

Here’s how a typical scam works.

A Facebook user is lured into clicking on a link, having been promised the chance to see a shocking video or other salacious content.

Clickjacking attack on Facebook

However, when they reach the page they often told that they must complete an online survey or provide personal information first.

In the case of clickjacking, also known as likejacking, users are tricked into clicking on an invisible “Like” button that follows their mouse across the screen, not realising that they are recommending the webpage to all of their Facebook friends.

No matter where you click on the webpage, whether it be “Lady Gaga found dead in hotel room”, “Japanese Tsunami Launches Whale Into Building”, naked photos of a female popstar or “101 Hottest Women in the World,” you are actually clicking the Facebook Like button and further spreading the spam.

Clickjacking attack

Facebook and the US state of Washington have filed suits, alleging violations of the CAN-SPAM Act and other laws, against Delaware-based Adscend and co-owners Jeremy Bash of Huntington, West Virginia and Fehzan Ali, of Austin, Texas.

According to Assistant Attorney General Paula Selis, who heads the office’s Consumer Protection High-Tech Unit, at one point Adscend’s spam campaigns were earning the defendants $1.2 million a month.

Sign up to our free newsletter.
Security news, advice, and tips.

I’m delighted to see Facebook taking action against those alleged to be involved in scams on the social network.

How to clean-up after a likejacking attack

If you made the mistake of clicking on a link spread via a scam message, you should check your Facebook news feed and remove any offending links that you might have spammed out to your friends. Hover your mouse over the top right hand corner of the post and you should see a small “x” which will allow you to remove it.

And if you entered your mobile phone number, you should keep a close eye on your cellphone bill and notify your carrier to prevent bogus charges from stinging you in the wallet.

Remember to be wary of any suspicious links. If you really want to watch a video chances are that it’s available for free – without you having to complete any surveys – on legitimate video sites like YouTube.

Going forward, it’s essential that you stay informed about the latest scams spreading fast across Facebook and other internet attacks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.