Clickjacking is a type of cyberattack in which you are baited into clicking a webpage element that is not what it appears to be: what you see is a disguise for another HTML element. Unaware of the actual threat, you click, and something harmful can enter your PC or smartphone, such as malware that can steal your banking information or sensitive personal data.
What are the types of Clickjacking?
Some specific types of Clickjacking have been given their own names. One of them is Likejacking, which disguises a Facebook ‘Like’ button. Facebook users hit the Like button thinking it belongs to something they actually like, but the ‘Like’ is registered for some other Facebook page, and the users remain oblivious to the truth. Something similar has happened with a Twitter page, where the supposed Like ended up re-tweeting the location of the malicious web link, causing it to reach more people.
Another form of Clickjacking is Cursorjacking, which works in the same way, except that the cursor’s actual position is not where you see it on your screen.
How can hackers use this ‘trick’?
Here is an example of how hackers employ this trick. They first create a page that is likely to attract the target’s attention, such as an offer of a free gift, a free iPhone or a trip somewhere. The page also contains an invisible iframe that loads another page with a clickable on-screen button for some other function, like “transfer funds” or “enable” some function. The free gift button is aligned just above, let’s say, an “enable permission” button, so when the user clicks what looks like the gift button, the click actually triggers the other action.
Clickjacking has previously been used to alter the security settings of Flash Player, which allowed a Flash animation to take control of the microphone and camera of a PC.
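The invisible-iframe overlay described above only works if the targeted page lets another site load it in an iframe. As an added example (not part of the original article), this JavaScript function checks a response's headers for the two standard framing controls, X-Frame-Options and the CSP frame-ancestors directive; the function name and the sample headers are constructed for illustration.

```javascript
// Added example, not from the original article. Sample headers are constructed.
// Decide from response headers whether a page can be loaded in another site's iframe.
function framingProtection(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }

  // 1. CSP frame-ancestors: browsers that support it use it instead of X-Frame-Options.
  //    Only the enforcing header counts; the -Report-Only variant blocks nothing.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    // A bare "*" or a scheme-only source such as "https:" lets almost any site frame the page.
    const broad = sources.filter((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s));
    return broad.length > 0
      ? { protected: false, reason: `frame-ancestors allows broad source ${broad[0]}` }
      : { protected: true, reason: `frame-ancestors ${sources.join(' ')}` };
  }

  // 2. X-Frame-Options: only DENY and SAMEORIGIN are honoured by current browsers.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { protected: true, reason: `X-Frame-Options ${xfo}` };
  }
  if (xfo.startsWith('ALLOW-FROM')) {
    return { protected: false, reason: 'X-Frame-Options ALLOW-FROM is obsolete and ignored' };
  }
  return { protected: false, reason: 'no effective framing restriction in response headers' };
}

// Constructed sample responses.
const samples = {
  bank: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  legacy: { 'X-Frame-Options': 'sameorigin' },
  open: { 'Content-Type': 'text/html' },
};
for (const [label, headers] of Object.entries(samples)) {
  const r = framingProtection(headers);
  console.log(`${label}: ${r.protected ? 'protected' : 'FRAMABLE'} (${r.reason})`);
}
```

A page reported as FRAMABLE can be placed inside the kind of invisible iframe the example above describes; sending either header with a restrictive value makes the browser refuse to render it there.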