October 14, 2014

Clickjacking: A Short Introduction

Clickjacking has been around for a while, but it’s not a method many people are aware of, even though most of us have come in contact with it. Clickjacking is, in simple terms, a way of misleading users into clicking on a link they never intended to click on. This click is then often used for malicious purposes, such as propagating a malicious website on social media sites and obtaining user account details.

HOW DOES IT WORK? 

Let’s take Facebook for example. You see a post with a link that hundreds or even thousands of people like, so you think to yourself: “What’s this fuss all about? Let me find out!” You proceed to click on the link within the post, which takes you to a site where you can win a free iPad. Awesome! Free stuff! All they need from you is to click the >> WIN << button and it’s yours. So little work for an iPad!

After you click the button, nothing happens… seemingly. Behind the scenes, you hit the like button (or the share button, or any link, actually) and helped this post get even more exposure. This button is hosted on a transparent iframe and is therefore invisible.

This sort of clickjacking attack is rather harmless. Double-click campaigns, however, can propagate the posts while also allowing you to click on the WIN button, which might consequently take you to a site infected by malware. Many of your friends will also click on the clickjacking link (since you shared or liked it on Facebook and they trust you) and so will their friends, and so on, like a chain reaction.
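
A defender's check for the transparent iframe described above, as an added example that is not from the original article: it flags frames that are effectively invisible yet still clickable and that sit over a visible link or button. The opacity threshold, the descriptor fields and the `social.example` / `ads.example` sample values are assumptions constructed for illustration.

```javascript
// Added example; the threshold and the descriptor field names are assumptions.
const MIN_VISIBLE_OPACITY = 0.1; // below this a frame counts as invisible
const box = (left, top, width, height) => ({ left, top, width, height });

function overlaps(a, b) {
  return a.left < b.left + b.width && b.left < a.left + a.width &&
         a.top < b.top + b.height && b.top < a.top + a.height;
}

// Invisible yet clickable: visibility:hidden or pointer-events:none get no clicks.
function takesClicksUnseen(f) {
  return f.opacity < MIN_VISIBLE_OPACITY && f.visibility !== 'hidden' &&
         f.pointerEvents !== 'none' && f.rect.width > 0 && f.rect.height > 0;
}

// Pure heuristic over plain descriptors; stacking order (z-index) is ignored.
function findHiddenOverlays(frames, clickables) {
  return frames.filter(takesClicksUnseen).map((f) => ({
    src: f.src,
    covers: clickables.filter((c) => overlaps(f.rect, c.rect)).map((c) => c.label),
  })).filter((hit) => hit.covers.length > 0);
}

// Browser-only collector. Opacity is multiplied up the ancestor chain because
// a transparent wrapper hides the frame as well as the frame's own style does.
function scanDocument(doc) {
  const style = (el) => doc.defaultView.getComputedStyle(el);
  const rectOf = (el) => {
    const r = el.getBoundingClientRect();
    return box(r.left, r.top, r.width, r.height);
  };
  const frames = [...doc.querySelectorAll('iframe')].map((el) => {
    let opacity = 1;
    for (let n = el; n; n = n.parentElement) opacity *= parseFloat(style(n).opacity);
    return { src: el.src, opacity, visibility: style(el).visibility,
             pointerEvents: style(el).pointerEvents, rect: rectOf(el) };
  });
  const clickables = [...doc.querySelectorAll('a, button')]
    .map((el) => ({ label: el.textContent.trim(), rect: rectOf(el) }));
  return findHiddenOverlays(frames, clickables);
}

// Constructed sample: a 1%-opacity frame over a WIN button, and a visible ad.
const vis = { visibility: 'visible', pointerEvents: 'auto' };
const SAMPLE_FRAMES = [
  { src: 'https://social.example/like', opacity: 0.01, ...vis, rect: box(100, 200, 80, 30) },
  { src: 'https://ads.example/banner', opacity: 1, ...vis, rect: box(0, 0, 728, 90) },
];
const SAMPLE_CLICKABLES = [{ label: 'WIN', rect: box(110, 205, 60, 20) }];
```

In a browser console, `scanDocument(document)` produces the same kind of findings for the live page; the sample arrays exercise the check without a DOM.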

Below is a video depicting another example (Digg):

How can you stay protected?

You can use browser extensions such as NoScript (guide) or ScriptSafe to block scripts, and use common sense. No one on the internet will give you free iPads or anything similar.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
