Home > Articles > Computer Terms & Definitions > Cybersecurity > Threats To Individuals

What Is Clickjacking?

What Is Clickjacking

Date First Published: 8th June 2023

Topic: Cybersecurity

Subtopic: Threats To Systems, Data & Information

Article Type: Computer Terms & Definitions

Difficulty: Medium

Difficulty Level: 7/10

Learn about how to display the live date and time on a webpage in this article.

Clickjacking, also known as a user interface redress attack, or UI redressing, is the practice of using multiple invisible user interface layers to trick users into clicking on a link or button that claims to come from a legitimate and trusted website, but is actually disguised as something else and does something different than what described. It usually comes from a malicious site operated by the attacker. Clickjacking is designed to mislead users of the link's true destination and get users to do something they didn't intend to do by manipulating the user interface.

Clickjacking can be used to do anything malicious by using webpages. It is a way of launching another type of web-based attack by tricking users into doing something unsafe. This includes directly trying to install malware, redirecting to other sites that try to install malware, and trying to steal the user's credentials by impersonating trusted companies.

How Does Clickjacking Work?

Clickjacking works by attackers covering a legitimate-looking webpage with an interface that cannot be seen. Clickjacking is often performed by displaying an invisible page or HTML element inside an iframe on top of the webpage. Iframes allow a webpage to be displayed in another webpage. The user thinks they are clicking on the visible page when they are actually clicking an invisible element in the iframe imposed on top of it.

If a webpage allows itself to be displayed within a frame, it is possible for an attacker to cover the original webpage with a hidden layer, which contains its own user interface elements and JavaScript. There is no indication that there is a hidden, invisible layer on top of the original webpage.

Types Of Clickjacking

Below are four types of clickjacking:

  • Likejacking - This tricks users into liking things they didn't intend to. An example of likejacking is someone else's Facebook page being embedded in an invisible iframe. When the user clicks the like button, they are actually clicking on someone else's like button without realising.
  • Cursorjacking - This type of attack changes the cursor position to a different place from where the user sees it. It replaces the actual cursor with a fake one using an image. When the user clicks on an element with the fake cursor, the actual cursor clicks on another element different from what the user expected.
  • Cookiejacking - This type of attack steals the user's cookies by tricking them into dragging and dropping an element on the page, when they are actually selecting the contents of their cookies on the embedded visible page and sending it to the attacker.
  • Filejacking - This type of attack allows the attacker to steal files from the user. An example of this is when uploading a document to a file storage service, a browser window appears and the file system can be navigated. With filejacking, the 'upload files' button actually establishes a connection to an active file server different from what the user expected. This will allow an attacker to steal files from the user's computer.

How To Prevent Clickjacking?

Below are four ways to prevent clickjacking:

  • Block attempts to load webpages in an iframe. To ensure that webpages cannot be used in a clickjacking attack, webpages need to be blocked from being wrapped in an iframe.
  • Use browser add-ons. There are some browser add-ons designed to protect against clickjacking. Examples include NoScript and NoClickjack. They work by disabling JavaScript on a page, but most sites require JavaScript to properly function and disabling JavaScript can break the functionality. To allow the JavaScript on trusted sources, you have to set an allowlist.
  • Use strong antivirus software. Modern antivirus software can detect and remove clickjacking malware as long as it is up to date.
  • Keep your web browser up to date. Most modern browsers have built-in protection against clickjacking. Keeping your web browser up to date can fix vulnerabilities and bugs discovered by other users that enable clickjacking.


Feedback

  • Is there anything that you disagree with on this page?
  • Are there any spelling, grammatical, or punctuation errors on this page?
  • Are there any broken links or design errors on this page?

If so, it is important that you tell me as soon as possible on this page.


Comments


What Is Computerhelp4all?

  • Computerhelp4all is a site with articles for everyone about the topic of computing, as suggested in the name '4all'.


Featured Articles

Featured Quizzes

Topics

Computer Networking Cybersecurity Computer Systems Web Design & Development

Subtopics

Network Services Network Setups Network Standards Network Hardware Network Identifiers Network Software Internet Protocols Internet Organisations Data Transmission Technologies Web Development Web Design Web Advertising Web Applications Web Organisations Web Technologies Web Services SEO Threats To Systems, Data & Information Security Mechanisms & Technologies Computer Hardware Computer Software Ethics & Sustainability Legislation & User Data Protection

Activities

Wordsearches Unscramble Words Knowledge Questions

Difficulty

Easy articles Medium articles Advanced articles

Follow Computerhelp4all


Facebook Logo
RSS Logo
YouTube Logo

Search



Related Articles





© 2022-2024 Computerhelp4all | Home | About | Privacy Policy | Cookie Policy | Terms of Use | Facebook | Twitter | RSS Feeds | YouTube