Clickjacking

What is Clickjacking?

Clickjacking is a type of cyber attack in which bad actors trick users into clicking hidden, invisible, or otherwise deceptive elements, often on a web page. Also known as a User Interface (UI) redress attack, it uses these clicks to let hackers steal personal data like passwords or account numbers, spread malicious links, change permissions, or even take control of a user’s device. A social media-based version of this attack is known as likejacking.

How to Recognize This Threat: A common method for executing a clickjacking attack is to place an added layer or frame, usually transparent, over legitimate content. These overlays are difficult to recognize, though there are methods for users to protect themselves. Other clickjacking types are less technical and focus instead on tricking a user into a click, whether on a computer or mobile device.

How to Prevent This Threat: Modern, updated web browsers have clickjacking safeguards in place that stop the addition of transparent frames, as well as checks to ensure a web page is behaving as expected. Pop-up blockers and warnings about malicious web pages can also help, as can educating users to spot attempts at manipulation (if it’s too good to be true, then it probably is). On top of these tips, strong endpoint security provides another layer of protection for the user and network, both to prevent bad clicks and to safeguard against infiltration.
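
The browser-side framing safeguard mentioned above is normally driven by response headers the site itself sends. The following is an added example, not part of the original page, that goes beyond its text by naming the two standard headers (X-Frame-Options and the Content-Security-Policy frame-ancestors directive) and classifying what each allows. The function names and the sample hosts are hypothetical.

```javascript
// Added example (not from the original page): classify how a response's
// headers let the browser restrict framing. Input: plain object of headers.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors wins over X-Frame-Options when both are present.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    if (sources.length === 0 || sources.join(' ') === "'none'")
      return { verdict: 'blocked', via: 'csp' };
    if (sources.some((s) => ['*', 'http:', 'https:'].includes(s)))
      return { verdict: 'open', via: 'csp' }; // any site may frame the page
    if (sources.every((s) => s === "'self'"))
      return { verdict: 'same-origin', via: 'csp' };
    return { verdict: 'allowlist', via: 'csp', sources };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { verdict: 'blocked', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { verdict: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers; a missing or
  // unrecognised value leaves the page frameable by any site.
  return { verdict: 'unprotected', via: 'none' };
}

// Constructed sample responses (hypothetical hosts, not real sites).
const SAMPLES = {
  'login.example': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  'app.example': { 'X-Frame-Options': 'sameorigin' },
  'legacy.example': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  'widget.example': {
    'Content-Security-Policy': 'frame-ancestors https://portal.example',
    'X-Frame-Options': 'DENY',
  },
  'blog.example': { 'Cache-Control': 'no-store' },
};

function audit(samples) {
  const report = {};
  for (const [host, headers] of Object.entries(samples))
    report[host] = framingPolicy(headers).verdict;
  return report;
}

console.log(audit(SAMPLES));
```

Pages reported as unprotected or open can be embedded in a frame by any other site, which is the condition the transparent-overlay technique depends on.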