Clickjacking

What is Clickjacking?

In summary, clickjacking is when a fraudster tricks someone into clicking a link, either to get them to install malware or to 'phish' them, a related term for getting a user to enter personal information via a fake website.

Clickjacking is done by sharing captivating content that misleads the user. Once people click back to the source of the content, the fraudster then tries to attack them. 

What Is There to Gain?

A fraudster has multiple ways to use these clicks for their own gain. With clickjacking, fraudsters can gain access to passwords, credit card numbers and any other valuable data that can be exploited. Once malware is installed, clickjacking can also turn features in your device's system on and off. This malware has a lot of capabilities, ranging from enabling microphone and camera access to pulling location data from your device. In short, these clicks can cause strife in the moment, and can make crimes easier in the future.

Clickjacking Examples

A common example of clickjacking involves fraudsters creating a mirror login page to capture user information on a website. With this method, the user assumes that they're entering information into the usual form on a website they visit. In reality, the user may be entering that valuable information into an overlaid field controlled by the fraudster. The fraudster gets access without the user ever knowing that something was wrong.

An attacker can also redirect clicks from social media or emails to download malware or gain access to vital systems. This spells trouble for any organization that relies on protecting sensitive data and intellectual property.

Additionally, links can be hidden under media and trigger a particular action, such as liking a Facebook page or ordering a product on Amazon.
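Overlays and hidden links like these typically depend on the genuine page being displayed inside a frame on another site. As an added example (not from the original page), this Python function classifies who is allowed to frame a response based on its `X-Frame-Options` and `Content-Security-Policy` headers; the function names and all header samples are constructed for illustration.

```python
# Added example, not from the original page: classify the framing protection
# of an HTTP response from its headers. All sample headers are constructed.

def parse_frame_ancestors(csp_value):
    """Return the frame-ancestors source list from a CSP value, or None if absent."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_policy(headers):
    """Return 'none', 'same-origin', 'restricted' or 'unprotected'."""
    h = {name.lower(): value for name, value in headers.items()}

    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        # When frame-ancestors is present, browsers enforce it and
        # ignore X-Frame-Options.
        if not ancestors or ancestors == ["'none'"]:
            return "none"
        if ancestors == ["'self'"]:
            return "same-origin"
        if any(src in ("*", "http:", "https:") for src in ancestors):
            return "unprotected"  # wildcard or scheme-only source admits any site
        return "restricted"  # explicit allowlist of framing origins

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "none"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Header missing, or the obsolete ALLOW-FROM form that current browsers ignore.
    return "unprotected"


# Constructed sample responses.
SAMPLES = {
    "login page": {"X-Frame-Options": "DENY"},
    "widget": {"Content-Security-Policy": "frame-ancestors https://partner.example"},
    "legacy app": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "wildcard": {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
}

if __name__ == "__main__":
    for label, sample_headers in SAMPLES.items():
        print(f"{label}: {framing_policy(sample_headers)}")
```

A result of `unprotected` on a page that accepts logins or triggers actions means the page can be embedded by any site and is a candidate for review.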

How can Clickjacking be Prevented?