Understanding ClickJacking

  • Security

September 7, 2021 106 views

Two laptop screens displaying a $ sign.

ClickJacking also known as UI redressing, is an interface-based attack where a user is tricked into clicking on different parts of a website or application that contains malicious content.

ClickJacking is a prevalent type of attack hackers use to get information from users. It could be seen on social media websites such as Facebook or Instagram where someone shared a link to something that interests you, such as a funny video or a recipe. It could also be through LinkedIn, where someone sends a link to sign up for an online class, and because of this, the attacker can steal all the user’s personal information.

Since the pandemic, many people have become very comfortable with technology, making it easier for people to be careful on websites with high traffic, such as social media, YouTube, and Wikipedia. However, this can also occur in emails or text messages on different platforms on your phone and IoT devices. It only takes one or two clicks for attackers to strike and take hold of a machine.

How? You might ask. Good question.

Attackers who use such attacks try to cover the decoy or fake website with the natural-looking website on top. By doing so, someone simply looking at the website will not be able to. In this fake website, the attacker can mask buttons and other UI features on the website to what “should” be there, making the website seem like the website that you are supposed to be on makes it very easy for the attackers to gain the user’s trust and gather information from them.

Some of the standard methods of gathering user information are through:

  • login credentials
  • accessing the webcam and microphone on your device
  • tracking your location

These are the most common methods that hopefully many people are aware of and, if not, should be. However, there are always new ways for attackers to be able to gain access to unauthorized devices. One example of this is pre-filled forms. Pre-filled forms are a convenient technique for many people who can safely use this tool. It helps save time without having to re-type the same information repeatedly. Unfortunately, attackers can exploit this tool by asking the user to enter data in a form before being able to click the hidden submit button.

What can I do to protect myself?

Now the best way to protect yourself against such attacks is relatively simple. The first would be to make sure to NEVER click on links that you are not sure of or are sent to you suddenly. For instance, if a friend you talked with two days ago without mentioning sends you a random link, then don’t click on it. Make sure to separately talk or message them to confirm that it was from them themselves. Secondly, make sure at the bottom of the page to keep your devices and specifically your default browser updated so that software built to protect users are there to protect you and browse safely.

Overall, clickjacking is a direct attack for many attackers to gather personal information about the user; however, it is also easily preventable if people take the time to make sure they are clicking on reliable links.

More Stories

  • Shedding Light on DarkSide

    David Knife
    May 21, 2021

    Ransomware is a type of malware that infects the victim's computer and attempts to have them pay a “ransom” to use it again. DarkSide is a type of ransomware attack that was first seen in 2020. Once it infects a network, it exfiltrates unencrypted data.

  • Carpe Diem at Softrams

    Zara Ikram
    March 2, 2021

    Softrams is hosting its first career fair happy hour to engage in networking where you can learn more about the company, our culture, and the work we do. Play games, win prizes, and find your next job all in one!

  • Softrams on the Inc. 5000 List – 3rd Year in a Row!

    Zara Ikram
    August 19, 2021

    Inc. magazine revealed that Softrams is No. 1018 on its annual Inc. 5000 list, the most prestigious ranking of the nation’s fastest-growing private companies. Among the 5,000, the average median three-year growth rate soared to 543 percent.