Facebook replaces a link with another link only 'the moment you click'
Many security-conscious people have the habit of checking a link's destination URL by hovering the cursor over it before clicking a link posted on social media. A web developer has pointed out that Facebook swaps links in a way that goes unnoticed even with this precaution.
Web developer Michal Špaček, a Czech security instructor, wrote on Twitter: 'When you click or copy a link on Facebook, a page on l.facebook.com opens first, and only then are you redirected to the original site. Did you know that, even though the HTML tag you see when you view the source and the URL you see when you hover your mouse cursor over the link both point to the original site?' In the screenshot Špaček posted, both the anchor tag in the source and the link destination shown by the browser are indeed the 'https://example.com' link that Špaček had posted on Facebook as a test.
You may have noticed that when you click/copy a link on Facebook, a page on l.facebook.com opens first and only then you're redirected to the original site. Even though the A HREF in the HTML points to the site. Even the tiny status line at the bottom shows the correct link. pic.twitter.com/xqK8Vnxc64
— Michal Špaček (@spazef0rze) September 27, 2021
In the video Špaček posted, you can see the URL switch to a Facebook one for a moment.
When you click the FB link, but before the browser loads the page, they change the HREF to l.facebook.com so for the browser, it seems like you clicked the l.fb link. Works with right-click as well, maybe because 'copy link'. And when you move the mouse back again… Sneaky. pic.twitter.com/6Yfl3de1V8
— Michal Špaček (@spazef0rze) September 27, 2021
According to Špaček, this is done by JavaScript attached to the link's onmousedown event, which fires when the mouse button is pressed. That code runs before the page even starts loading and rewrites the link tag's href to the Facebook URL. When the mouse cursor hovers over the link, however, another handler on onmouseover reverts the tag, so when the user tries to inspect the link, the browser only ever shows the original URL.
When you press a mouse button on that link, the browser executes the onmousedown JavaScript code *before* it even starts loading the page. The code changes the HREF to something else.
— Michal Špaček (@spazef0rze) September 27, 2021
And when you move the mouse back over the link, the onmouseover code changes the HREF back.
There are other ways to track link clicks, such as using the ping attribute.
There are other ways to track link clicks: for example the ping attribute (that's what Google uses for/in Chrome) https://t.co/rErEBhkBav or the Beacon API https://t.co/yMOMDGLQ8S pic.twitter.com/g4v6chzRZz
— Michal Špaček (@spazef0rze) September 27, 2021
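The click-time href swap described above and the ping attribute mentioned alongside it, as an added example that is not from the article or from Facebook's own code: a small stand-in for an anchor element (constructed so the code runs under Node without a DOM), the swap itself, and a defender-side `inspectLink` check of the kind a browser extension or a manual console session could use to reveal where a link will really go before the button is pressed. `FakeAnchor`, `installClickTimeSwap`, `inspectLink` and the redirector URL shape are assumptions of this example.

```javascript
// Added example, not code from the article or from Facebook. Constructed stand-in
// for a DOM anchor so this runs under Node; in a browser you would pass a real
// HTMLAnchorElement, which exposes the same href / getAttribute / dispatchEvent surface.
class FakeAnchor {
  constructor(href, attrs = {}) {
    this.href = href;                              // what the status bar / hover shows
    this.attrs = Object.assign({ href: href }, attrs); // what "view source" shows
    this.handlers = {};                            // mousedown, mouseover, ...
  }
  getAttribute(name) { return name in this.attrs ? this.attrs[name] : null; }
  addEventListener(type, fn) { (this.handlers[type] = this.handlers[type] || []).push(fn); }
  dispatchEvent(ev) {
    for (const fn of this.handlers[ev.type] || []) fn.call(this, ev);
    return true;
  }
}

// The pattern the article describes: the visible href is the real destination, a
// mousedown handler rewrites it to a redirector just before navigation, and a
// mouseover handler puts the original back so hovering never shows the redirector.
// The redirector URL shape is an assumption used for illustration only.
function installClickTimeSwap(anchor, redirectorBase) {
  const original = anchor.href;
  anchor.addEventListener('mousedown', function () {
    this.href = redirectorBase + encodeURIComponent(original);
  });
  anchor.addEventListener('mouseover', function () {
    this.href = original;
  });
}

// Build an event the way a real page would (MouseEvent) or, under Node, a plain
// object carrying only the type. A synthetic mousedown never navigates, so this
// is safe to fire against a live link; only a click has activation behaviour.
function fire(anchor, type) {
  const ev = typeof MouseEvent === 'function'
    ? new MouseEvent(type, { bubbles: true, cancelable: true })
    : { type: type };
  anchor.dispatchEvent(ev);
}

// Defender-side check: which href would the browser actually navigate to when the
// button is pressed? Fire mousedown, read href, then fire mouseover to leave the
// element as we found it. Also report passive trackers declared via `ping`.
function inspectLink(anchor) {
  const shown = anchor.href;
  fire(anchor, 'mousedown');
  const onClick = anchor.href;
  fire(anchor, 'mouseover');
  const restored = anchor.href;
  return {
    shown: shown,
    onClick: onClick,
    swapsOnClick: shown !== onClick,
    revertsOnHover: restored === shown,
    pingTargets: (anchor.getAttribute('ping') || '').split(/\s+/).filter(Boolean),
  };
}

// Constructed sample links: one with the click-time swap, one with a ping attribute.
function demo() {
  const swapped = new FakeAnchor('https://example.com/');
  installClickTimeSwap(swapped, 'https://redirector.example/l.php?u=');
  const pinged = new FakeAnchor('https://example.org/', {
    ping: 'https://tracker.example/p https://other.example/q',
  });
  return { swapped: inspectLink(swapped), pinged: inspectLink(pinged) };
}

console.log(JSON.stringify(demo(), null, 2));
```

Against a live page, `inspectLink(document.querySelector('a'))` works the same way, because a dispatched MouseEvent also runs inline `onmousedown` / `onmouseover` attributes; a link that reports `swapsOnClick: true` is exactly the case the article describes, where hovering cannot tell you where the click will go.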
When asked, 'Is this also used for phishing?', Špaček replied, 'I don't think it is, but it can certainly be abused.'
I believe there's no need. But yeah, definitely could be used for some nefarious purposes as well.
— Michal Špaček (@spazef0rze) September 27, 2021
Špaček's tweets drew a variety of reactions. One Twitter user, for example, commented that because of this it may be a good idea to block Facebook on your router.
So it may be a good idea to block facebook on the router.
— Corneil du Plessis. He/him ☕ (@corneil) September 27, 2021
Another Twitter user pointed out that this technique has been used by Google and others for over a decade, adding that this does not make it right, but it is everywhere.
Hate to burst your bubble, but this technique has been in use for over a decade, easy. I know for a fact that Google was using it at least as far back as 2013, probably earlier. It's basic click-tracking 101.
— Rossipedia (@rossipedia) September 27, 2021
Not saying it's *right*. But it is ubiquitous.
Špaček explained why he wrote again about a technique that many IT companies, not just Facebook, take for granted: he posted about it because, whenever people are told 'don't click on suspicious links', it is worth remembering that simply looking at a link's destination cannot confirm whether the URL is safe.
in Security, Posted by log1l_ks