How fraudulent websites make you click Facebook's "Like" or "Share" button

Jan 20, 2016

If you use a social network such as Twitter, Facebook or Google+, you've probably seen your friends posting weird click-bait sites. Maybe you've fallen into the trap too.

I've prepared a simple demo website that shows how it is possible for you to click the "Like" button without even knowing it:

The worst thing is that it's extremely easy to prepare such a website. An attacker can make you click "Share", "Like" or "Share on the group you're a member of".

How to protect my accounts?

• Disable 3rd party cookies

The Like button will still be there, but you won't be signed in.

• Configure AdBlock/uBlock to disable specific 3rd party services

This will boost your security and limit data transfer. Like/share boxes won't load at all.

• Never click anything on suspicious websites.

Browsers protect us by disabling most JavaScript actions until the user clicks. This solution removed annoying pop-ups almost completely. But once you click somewhere, you're not secure anymore.
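Filter rules for the AdBlock/uBlock option listed above, as an added example that is not from the original post. The rule set is constructed for illustration and assumes the widget endpoints the three networks named in this post are commonly embedded from; adjust it to the services you actually want blocked.

```adblock
! Constructed example filter list for uBlock Origin / Adblock-style blockers.
! "$third-party" limits each rule to requests made from another site, so the
! services themselves keep working when you visit them directly.

! Facebook Like/Share buttons and the SDK script that renders them
||facebook.com/plugins/$third-party
||connect.facebook.net^$third-party

! Twitter embedded buttons and widgets
||platform.twitter.com^$third-party

! Google+ "+1" / share button
||apis.google.com/js/plusone.js$third-party
||plus.google.com^$third-party
```

Add the rules under the blocker's custom ("My filters") list. Blocking the Facebook SDK also disables "Log in with Facebook" on sites that depend on it, so expect to whitelist individual sites where you use that feature.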