Clickjacking – Getting Tricked into Clicking on Invisible URLs

   9/3/2013 |  2/12/2009 |  1 Comment
Categories: Scams, Security, The Web
The Internet Patrol default featured image
Share the knowledge

Clickjacking is a malicious practice in which the bad guys essentially lay an invisible web page on top of the page that the user sees, so that when the user clicks a button or link, they are really performing the action of the invisible link that is overlayed on top of the button or link they believe that they are clicking (hence the term “clickjack”). Often that invisible link is structured to grab their confidential information, such as a username and password.

According to the United States Computer Emergency Readiness Team (U.S. CERT), “Clickjacking gives an attacker the ability to trick a user into clicking on something only barely or momentarily noticeable. Therefore, if users click on a Web page, they may actually be clicking on content from another page.”

For example, the user on the clickjacked site may believe that they are clicking on a link or button to “See a cute kitten”, but in reality they are clicking on an invisible link that is hidden on top of the cute kitten link, and that will take them to Hotmail, and if they have a Hotmail account – and their password is stored in their browser as a cookie or other stored value – the bad guys now have their Hotmail account information – including the password.

Clickjacking works by taking advantage of certain “features” (vulnerabilities) in a large number of widely-deployed and popular browsers. While the industry scrambles to address the situation, users who are using Firefox can get some protection by using the Firefox “NoScript” add-on, which is available here.

Have you been clickjacked? Tell us about it below.

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

Get New Internet Patrol Articles by Email!

The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.

CashApp us Square Cash app link

Venmo us Venmo link

Paypal us Paypal link

 

More from the Internet Patrol:

FitBit, Other Wearable Tracking Devices and Apps High Security Risk says Report
Save Money with Our List of the Best Free Streaming Services
Scammers Run Up Your Cell Phone Bill with One Ring - Read How They Do It
Why The Hacked Sony PlayStation Network (PSN) is a Big Deal Security Issue for You
The Best Way to Monitor Your Bank and Credit Card Accounts after All the Data Breaches
Saks Fifth Avenue, Lord and Taylor, Reveal 9 Month Long Credit Card Data Breach
How to Cancel, Deactivate, and Delete Your Canva Account Following the Canva Breach
New Paypal Invoice Scam Emails Come from Paypal and Use Actual Paypal Links

Share the knowledge

One thought on “Clickjacking – Getting Tricked into Clicking on Invisible URLs

  1. Thanks for your informative article.
    I immediately added the noscript extension to Firefox. And, I’m now looking at this page with the noscript options bar across the bottom of my browser. I think I’ll just let the extension operate with its default settings. But, I’d be very interested if you or one of the commenters would recommend an article for general or practical use of noscript.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.