There’s a new method for spamming Facebook users that some spammers have been using lately to bypass Facebook’s spam filters called “Comment jacking”. As you could probably tell from the image above, comment jacking is not like likejacking, which is where a Facebook spammer would set up a website that would have a video (usually a YouTube video player) in the centre of the website, with a like button underneath the video play button, which when clicked would cause the user to ‘like’ the video so their friends could see it and fall for the same trap.
How Does Comment Jacking Work?
Once a hacker gains access to a Facebook account (possibly using one of the methods from one of my previous articles about hacking Facebook accounts), they’ll need a way to bypass Facebook’s spam filters, and that’s where comment jacking comes into the equation. The method itself is simple: create a short generic post on Facebook without a link, and then post the shortned link in a comment on your own post. Some comment jackers, like the one in the photo above, seem to make it look like they forgot to post the link in the initial post. By doing this, an unsuspectign friend of the hacked user’s account may click the link out of curiosity only to be led to a website filled with malware, or quite possibly a likejacking website.
Why Are People Comment Jacking?
The only explanations I can think of for someone wanting to engage in comment jacking is to bypass Facebook’s spam filters and to make a Facebook spam post appear to be a genuine one. However, in the example above, posting shortened URLs still looks like spam to most Facebook users since genuine Facebook users typically do not go through the extra effort of concealing their links only to share them on Facebook.