One of the tenets of information security awareness is to have restraint when it comes to clicking on unknown links. This is important as ransomware is becoming a larger threat.
Even though it’s been around for a while, clickbait is seemingly back with a vengeance and not going away anytime soon. Clickbait is web content where the goal is to have the reader view not necessarily the content, but advertisements and offers. The user is drawn to the website with dramatic titles in the hope they will click.
The web is advertisement driven and legitimate sites provide content, with ads. Sites such as Ars Technica, Vox and myriad others are primarily news sites with ads. When it comes to clickbait, the ad and banners are the driver and content is secondary.
How bad is clickbait? Even the Better Business Bureau has an advisory warning of the dangers.
Clickbait sites generally have salacious and histrionic headlines like:
- 24 rare historical photos that will leave you speechless
- 20 rare images of the old west that will make your skin crawl
- History’s rarest images: 50 photos that will stop you in your tracks
- 25 hidden facts from [TV show] producers tried to keep from the public
- 25 facts you didn’t know about the movie [name]
- [TV show name]: astonishing facts revealed about the cast and crew
- 25 little-known facts about [topic]
- Your poorest ancestors and the shocking conditions they lived through in life
The telltale sign of a clickbait site is the inability to see all content on a single page. The incessant clicking is meant to spur the user to click on ads or go to another clickbait story.
In Photos Of Shelter Dogs The Moment They Realize They’re Being Adopted, seeing pictures of the 31 canines takes 31 clicks. Going through all 31 clicks will bring up close to 1,000 links and images for paid content and other clickbait stories.
The story Police heard strange noises coming from a shipping crate and couldn’t believe what was inside, takes 20 clicks to read. Each click leads to a page with about 30-40 words, and another Next screen to click.
Another sign of a clickbait site is that the information is often generic with little added value, and often simply sourced from Wikipedia.
For example, the clickbait story In 1961 This Little Girl Was Found Adrift At Sea. Decades Later She Revealed The Horrifying Truth, takes 15 clicks to read. The first page details the story of Terry Jo Duperrault. Google that name and one of the first results is a Wikipedia entry and a Reader’s Digest story that can be read in a single click.
Knowing that, many clickbait sites no longer mention the names of the main characters to ensure the reader stays on the page and clicks.
Many clickbait sites also have links to software, which can be sources of adware, trojans, malware and ransomware.
Here are some solutions:
1. Web filtering
Most web filtering solutions to date don’t do a good job of blocking clickbait sites. Given the broad definition of what it is, they are often reticent to block such a gray category. So, don’t expect your web filter to be much help.
2. Manual blacklisting
This works, but can be a hassle to maintain. There are thousands of clickbait sites, with new ones continually springing up. Manual blacklists are a solution; but an imperfect and stopgap one at best.
3. Ad blockers
Like blacklists, ad blocking plug-ins and extensions are a partial solution.
Often Facebook will list a ‘Suggested Post’ which may be a clickbait site. Since Facebook makes money off these advertisers, they don’t have an incentive to stop linking to clickbait sites.
As imperfect as it is, end-user awareness is often the last and best resort. Users need to be trained that reading clickbait stories are generally an utter waste of time. Worse, these sites can be storehouses for malware and ransomware. And as everyone knows, having ransomware is something that will make your skin crawl.
This article is published as part of the IDG Contributor Network. Want to Join?