Although clickjacking has been around for a while, it’s not a technique many people are aware of, even though most of us have come into contact with it. Clickjacking is, in simple terms, a way of misleading users into clicking a link they never intended to click. The click is then often used for malicious purposes, such as propagating a malicious website on social media sites and obtaining user account details.
HOW DOES IT WORK?
Let’s take Facebook as an example. You see a post with a link that hundreds or even thousands of people have liked, so you think to yourself: “What’s this fuss all about? Let me find out!” You proceed to click the link within the post, which takes you to a site where you can win a free iPad. Awesome! Free stuff! All they need from you is to click the >> WIN << button and it’s yours. So little work for an iPad!
After you click the button, nothing happens… seemingly. Behind the scenes, you hit the like button (or the share button, or any link, actually) and helped this post get even more exposure. This button is hosted in a transparent iframe and is therefore invisible.
This sort of clickjacking attack is rather harmless. Double-click campaigns, however, can propagate the posts while also allowing you to click the WIN button, which might consequently take you to a site infected by malware. Many of your friends will also click on the clickjacking link (since you shared or liked it on Facebook and they trust you) and so will their friends, and so on, like a chain reaction.
Below is a video depicting another example (digg):
How can you stay protected?
By LIFARS Cybersecurity
About the author
LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.