Browse Definitions:
Definition

tag-jacking

Contributor(s): Ivy Wigmore

Tag-jacking is the exploitation of Facebook's friend-tagging feature to spread unwanted material such as scams, spam or malware.

People use Facebook's user tagging function to ensure that the identified users see particular posts. Typing a friend's name in a post or comment or adding a tag to a photograph creates a link to the individual's account. Depending on their security settings, the post may show up on the user's page. 

By exploiting permissive security settings, an intruder can make their content show up in the user's news feed and potentially the news feeds of their friends. Here's an example of a tag-jacking exploit: 

  1. The attacker gains access to an authorized user, for example through account hacking, creating a fake account or sending friend requests to target users. 
  2. The attacker creates a post tagging groups of people who are Facebook friends and using some kind of clickbait to compel the users to respond. 
  3. When a user clicks the attacker's post, a pop-up window says they have to download a file to see a video. However, what is actually downloaded is malware that gives the attacker access to the user's computer and enables identity theft and other crimes. 
  4. The attacker also gains control of the user's Facebook account and can then target all the friends in his network and so perpetuate the scam. 

It's not possible to prevent people from tagging you on Facebook but you can review tagged posts before they show up in your newsfeed. How to enable tag review: Click "Settings" from the drop-down list at the top right-hand corner of the Facebook page. Click "Timeline and tagging" in the left column. Ensure that the option to review tagged posts before they appear in your timeline is enabled. 

See also: likejacking, clickjacking, likebaiting

 

 

This was last updated in August 2015

Continue Reading About tag-jacking

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

Dateiendungen und Dateiformate

Gesponsert von:

SearchCompliance

SearchSecurity

  • black hat

    Black hat refers to a hacker who breaks into a computer system or network with malicious intent.

  • copyright

    Copyright is a legal term describing ownership of control of the rights to the use and distribution of certain works of creative ...

  • keylogger (keystroke logger or system monitor)

    A keylogger, sometimes called a keystroke logger or system monitor, is a type of surveillance technology used to monitor and ...

SearchHealthIT

  • population health management (PHM)

    Population health management (PHM) is a discipline within the healthcare industry that studies and facilitates care delivery ...

  • ICD-10-PCS

    The International Classification of Diseases, 10th Revision, Procedure Coding System (ICD-10-PCS) is a U.S. cataloging system for...

  • U.S. National Library of Medicine (NLM)

    The U.S. National Library of Medicine (NLM) is the largest biomedical library in the world.

SearchDisasterRecovery

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...

  • mass notification system (MNS)

    A mass notification system is a platform that sends one-way messages to inform employees and the public of an emergency.

SearchStorage

  • open source storage

    Open source storage is data storage software developed in a public, collaborative manner that permits the free use, distribution ...

  • CompactFlash card (CF card)

    A CompactFlash card (CF card) is a memory card format developed by SanDisk in 1994 that uses flash memory technology to store ...

  • email archiving

    Email archiving (also spelled e-mail archiving) is a systematic approach to saving and protecting the data contained in email ...

SearchSolidStateStorage

  • RRAM or ReRAM (resistive RAM)

    RRAM or ReRAM (resistive random access memory) is a form of nonvolatile storage that operates by changing the resistance of a ...

  • JEDEC

    JEDEC is a global industry group that develops open standards for microelectronics.

  • M.2 SSD

    An M.2 SSD is a solid-state drive (SSD) that conforms to a computer industry specification written for internally mounted storage...

SearchCloudStorage

  • RESTful API

    A RESTful application program interface breaks down a transaction to create a series of small modules, each of which addresses an...

  • cloud storage infrastructure

    Cloud storage infrastructure is the hardware and software framework that supports the computing requirements of a private or ...

  • Zadara VPSA and ZIOS

    Zadara Storage provides block, file or object storage with varying levels of compute and capacity through its ZIOS and VPSA ...

Close