
Click hijacking, or clickjacking, also known as UI redressing, falls into the category of click fraud. It is a method used by criminal hackers to make users unknowingly perform certain actions by clicking on buttons or links. The objectives of clickjacking include taking control of other people's PCs, as well as redirecting users to paid content or fraudulent websites. Currently, many large portals, such as Facebook, have to take measures against clickjacking.

Background

The display of a web page in the browser is the result of a file being retrieved from the server. Other elements, such as JavaScript apps or even frames, are also loaded depending on the scope of the website. On the one hand, this improves the functionality of the website. On the other hand, these apps provide ideal gateways for click fraud. With clickjacking, the user is shown content that they can click on. However, when the user clicks on the displayed link, the hacker's activities start in the background instead of the actions shown in the foreground.


Possible attack variants

Clickjacking can be implemented by hackers in a number of ways. In most cases, this is done through the misuse of JavaScript apps:

Browser games

Here, users click on game items in the foreground that change the settings of their computers or browsers, making them vulnerable to hackers.

Download buttons

These are used by Internet scammers to entice the user to click on a download link. The link then loads malicious programs in the background.

All downloadable buttons

With frames, any button on a website can easily be manipulated so that the user unknowingly triggers the actions desired by the hacker.

Targets of clickjacking attacks

  • Spying on users.
  • Theft of confidential data such as passwords and account information.
  • Redirecting users to websites with harmful content.
  • Forcing paid subscriptions.

Viable defense

Commonly used browsers offer numerous ways to detect clickjacking. Similarly, you can also use antivirus software with built-in browser protection to prevent possible attacks. The WordPress blog CMS has also offered protection against UI redressing since 2011.[1] Here, a check is usually made, before the pages are loaded, whether they may be displayed in frames or not. Similarly, it may be wise not to allow JavaScript automatically for all sites.
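The check of whether a page may be displayed in a frame is expressed today through the `X-Frame-Options` response header and the `frame-ancestors` directive of `Content-Security-Policy`. The following is an added example, not part of the original article, that classifies responses by their anti-framing policy; the paths, the `partner.example` host and the function names are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing policy from its headers.
// Returns 'deny', 'sameorigin', 'allowlist' or 'none' (page can be framed by anyone).
function framingPolicy(headers) {
  const h = {};
  // HTTP header names are case-insensitive, so normalise them first.
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors, when present, takes precedence over X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
    if (name !== 'frame-ancestors') continue;
    // An empty source list matches nothing, which is the same as 'none'.
    if (sources.length === 0 || sources.every(s => s === "'none'")) return 'deny';
    // A wildcard or a bare scheme lets practically any site frame the page.
    if (sources.some(s => s === '*' || s === 'http:' || s === 'https:')) return 'none';
    if (sources.every(s => s === "'self'")) return 'sameorigin';
    return 'allowlist';
  }

  // Fallback: X-Frame-Options. Only DENY and SAMEORIGIN are honoured here;
  // the obsolete ALLOW-FROM value is ignored by current browsers.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'sameorigin';
  return 'none';
}

// Constructed sample responses (not captured from a real site).
const SAMPLE_RESPONSES = [
  { path: '/login', headers: { 'X-Frame-Options': 'DENY' } },
  { path: '/account', headers: { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'self'" } },
  { path: '/widget', headers: { 'Content-Security-Policy': 'frame-ancestors https://partner.example',
                                'X-Frame-Options': 'DENY' } },
  { path: '/like', headers: { 'x-frame-options': 'ALLOW-FROM https://partner.example' } },
  { path: '/settings', headers: { 'Content-Type': 'text/html' } },
];

// Report every path together with its policy.
function auditFraming(responses) {
  return responses.map(r => ({ path: r.path, policy: framingPolicy(r.headers) }));
}

// Paths that any third-party site could embed in a frame.
function frameablePaths(responses) {
  return auditFraming(responses).filter(r => r.policy === 'none').map(r => r.path);
}

console.log(auditFraming(SAMPLE_RESPONSES));
```

Pages that trigger an action with a single click (a "like", a purchase, a settings change) are the ones where a result of `none` matters most.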

Facebook and clickjacking

Social networks are also affected by the clickjacking problem. In this case, the clickjacking technique is used to make users who click on a link automatically become Facebook fans of a Facebook page. However, the network reacted very quickly to this trend and has been taking legal action since 2012 against clickjacking methods that fraudulently obtain Facebook fans.
