Clickjacking – What It Really Is and Why You Should Care

Have you ever clicked a button on a website and felt that something “unexpected” happened? Maybe a random page opened, a “like” you never meant to give appeared, or something just didn’t feel right.
That’s basically the idea behind clickjacking.

Clickjacking is a trick where attackers hide something behind what you actually see on the screen. So when you click a button that looks harmless, you may actually be clicking a completely different, hidden button.

For example:
You see a “Play Video” button.
But behind it, there’s a hidden “Share on Facebook” button.
You click Play → you actually share something publicly without knowing it.

Clickjacking works because the user interface (UI) can be manipulated. Attackers use transparent layers, invisible iframes, and CSS tricks to hide the real action underneath what you see.

It’s simple. It’s sneaky. And it’s surprisingly effective.
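As an added example (not from the original post): a small Python helper a site owner could run over captured response headers to see whether browsers would let another site load the page in a frame, which is what a clickjacking page needs to do. It checks the two real headers involved, X-Frame-Options and the frame-ancestors directive of Content-Security-Policy (which browsers prefer when both are present); the header sets at the bottom are constructed samples, not taken from real sites.

```python
def parse_frame_ancestors(csp: str):
    """Source list of the CSP frame-ancestors directive, or None if absent.
    An empty source list is equivalent to 'none'."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]] or ["'none'"]
    return None

def framing_policy(headers: dict) -> str:
    """Classify a response's framing protection as 'blocked', 'same-origin',
    'restricted' (listed origins only) or 'framable' (no effective protection,
    so a clickjacking page could load it in a hidden iframe)."""
    lower = {name.lower(): value for name, value in headers.items()}
    csp = lower.get("content-security-policy")
    if csp is not None:
        sources = parse_frame_ancestors(csp)
        # When frame-ancestors is present, browsers ignore X-Frame-Options.
        if sources is not None:
            if sources == ["'none'"]:
                return "blocked"
            if sources == ["'self'"]:
                return "same-origin"
            if "*" in sources:
                return "framable"
            return "restricted"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    # Missing header, the obsolete ALLOW-FROM form, or a typo such as "DENNY":
    # browsers treat all of these as "any site may frame this page".
    return "framable"

# Constructed header sets for illustration, not captured from real sites.
SAMPLE_RESPONSES = {
    "video portal": {"X-Frame-Options": "DENY"},
    "bank": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
             "X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "blog": {"Content-Security-Policy": "default-src 'self'"},  # no frame-ancestors
}

if __name__ == "__main__":
    for name, headers in SAMPLE_RESPONSES.items():
        print(f"{name}: {framing_policy(headers)}")
```

A result of "framable" is the case to fix: the page can be placed in an invisible iframe and its buttons clicked through a decoy.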
