The guide, to certain extent, helps novice to “inspect” hyperlink of clickable object at web browser status bar. And, using different brand of web browser to surf suspect hyperlink is easier than disabling session sharing feature, to prevent cross-site request forgery (CSRF) cum clickjacking attack (so long as you don’t login when prompted to do so by the suspect website).
If you want to understand what clickjacking is, read the new post and see how Symantec advises users to avoid clickjacking attack.
If you’re tempted to play video or open link shared by friends on Facebook, don’t ever simply click on it unless the shared video / page hyperlink is of a reputable website (domain).
By default, most web browsers endeavor to display hyperlink of a clickable object at status bar when hovering mouse pointer on top of it, e.g. the true URL of “activate dislike button” is shown on the IE 9 status bar when mouse over the link:
Yes, am very keen to have a dislike button on Facebook but I will NOT blindly “activate” it when I see that message (above) posted by a friend who has just became one of the clickjacking victims.
Apparently, that’s not an official FB dislike button and activate it might lead me to Davy Jones’ Locker!
As you can see in the screencast, the dislike button link eventually redirected to a problematic website that attempt to convince novices to follow the given instructions, which is exactly what Facebook has highlighted to users on the subject of Malicious script scams.
The trick to keep online account safe from clickjacking attack
There are many ways to prevent clickjacking attacks. The one I prefer is what has been shown to you in screencast, i.e.:
1. Use the latest, updated web browser (e.g. Internet Explorer 9) to access important online accounts.
2. When there is need to open a hyperlink appears on my online account (e.g. Facebook, Gmail, etc), I will right click to copy the hyperlink.
3. Open another updated, secure web browser (e.g. Google Chrome, Firefox, Opera, etc) to browse the copied hyperlink (from step-2) – by this way, the suspect hyperlink will not able to access my online account or activate session hijacking kind of malicious activities.
So that’s why I need at least 2 different brands of web browser and keep these browsers updated to eliminate all known security loopholes. Besides, running an efficient Internet security suite (e.g. Kaspersky IS) is highly recommended to further secure online computers.