Users are exposed to phishing through the way Twitter and Facebook open links

If you have been using the internet, you know that when you click on a link to a web page, it either opens in a new window or tab or opens in the present tab.

It is worth noting that Twitter and Facebook do not want their users to leave their websites, and people do not seem to have much choice, since they are not yet willing to lose their beloved social media feeds. However, there is a security concern that comes with this. When a user clicks on a link and it opens in a new tab, the page in the new tab has some access to the page the user clicked from. Although that access is limited, the new page can still force the original page to open a different website.

Take this scenario, for example: you are on Facebook and you click on a link that opens in a new tab. After looking through the new website, you close it and head back to the tab that has your Facebook, and you are told you have been logged out. You do not suspect anything at this stage, so you provide your login details without knowing that you are not logging into Facebook but into a rogue website. You do not know that you have just been phished.

This is more sophisticated than what you get with email scams, which are much more obvious.

This issue arises because Twitter and Facebook insert target="_blank" into the hyperlink code they use, which makes a link open in a new tab.

Ben Halpern, a developer, wrote on his website that the issue can be solved by inserting rel="noopener" into any hyperlink that uses target="_blank", so that the end result looks like this: <a href="//" target="_blank" rel="noopener">Quartz</a>

He said that adding that attribute prevents rogue websites from phishing the user.
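
The fix Halpern describes can be checked mechanically. The following is an added example, not code from Halpern or from the sites discussed: it scans HTML for links with target="_blank" that lack rel="noopener" (or rel="noreferrer", which browsers treat as implying it) and adds the attribute. The function names, the sample markup and the regex-based scanning are assumptions made for illustration.

```javascript
// Added example: audit and harden anchors that use target="_blank".
// Regex scanning is a simplification; a production tool should use an HTML parser.
const ANCHOR_RE = /<a\b[^>]*>/gi;

// Read one attribute value (double-quoted, single-quoted or bare) from a tag.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// Return the tag with "noopener" present in rel, preserving existing tokens.
function addNoopener(tag) {
  const rel = getAttr(tag, 'rel');
  if (rel === null) return tag.replace(/\s*>$/, ' rel="noopener">');
  const tokens = rel.split(/\s+/).filter(Boolean);
  tokens.push('noopener');
  const relRe = /(\srel\s*=\s*)(?:"[^"]*"|'[^']*'|[^\s>]+)/i;
  return tag.replace(relRe, `$1"${tokens.join(' ')}"`);
}

// Returns the hardened HTML plus the href of every link that needed the fix.
function hardenBlankLinks(html) {
  const findings = [];
  const fixed = html.replace(ANCHOR_RE, (tag) => {
    const target = getAttr(tag, 'target');
    if (!target || target.toLowerCase() !== '_blank') return tag;
    const rel = (getAttr(tag, 'rel') || '').toLowerCase().split(/\s+/);
    // noreferrer also cuts the opener link, so such anchors are already safe.
    if (rel.includes('noopener') || rel.includes('noreferrer')) return tag;
    findings.push(getAttr(tag, 'href'));
    return addNoopener(tag);
  });
  return { fixed, findings };
}

// Constructed sample markup (not taken from any real site).
const SAMPLE = [
  '<a href="https://example.com/a" target="_blank">unsafe</a>',
  '<a href="https://example.com/b" target="_blank" rel="nofollow">unsafe, has rel</a>',
  '<a href="https://example.com/c" target="_blank" rel="noopener">already safe</a>',
  '<a href="https://example.com/d">same tab</a>',
].join('\n');

console.log(hardenBlankLinks(SAMPLE));
```

Unlike rel="noreferrer", rel="noopener" on its own does not stop the browser from sending the Referer header, so the destination site can still see where its traffic came from.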

Halpern said Instagram has fixed the issue, while Twitter and Facebook have yet to do so.

Facebook, in its reaction, said it would face some technical challenges should it want to stop the process, adding that doing so would not allow referred websites to know where their traffic is coming from. It noted, however, that it uses a rate-limiting feature to discourage phishing and also watches for suspicious activity. With all this said, users remain vulnerable, and it does not rule out hackers getting access.