You click buttons when you visit websites daily – to share, buy, and interact. But what if those clicks were not going where you thought they were? Welcome to clickjacking, the latest cyber scam that allows attackers to manipulate your online actions without you even realizing it. This article describes various ways to protect yourself from clickjacking. Here is what you need to know.
What Is Clickjacking?
Clickjacking occurs when criminals hijack a website’s links, buttons, and other clickable parts. Attackers place transparent layers over a website, which causes you to click a malicious link instead of the one you thought you were clicking. For example, I visit a website to download a free e-book. Instead of clicking on the link to download the e-book, there is an overlay on that link that downloads malware or a keylogger. Instead, the links you click give attackers access to your accounts, personal data, and even your entire computer or device. What makes clickjacking such a serious threat is that the overlays occur on the actual website and not on a spoofed version that a scammer would set up. Criminals have figured out that if you are on a reputable site, you will likely let your guard down and expect to be safe.
How Does Clickjacking Occur?
There are a variety of ways criminals can trick you with clickjacking, such as:
- Transparent or hidden overlays
- Click event dropping (clicking appears not to work, but you are actually clicking an invisible malicious link)
- Scrolling with a malicious pop-up
- What makes clickjacking so dangerous is that it can bypass antivirus software. Since these attacks happen on reputable sites and may not always download anything, traditional antivirus software may not detect them.
- Cropping (only attacks specific controls on the page)
How to Protect Yourself from Clickjacking
Pay attention to your clicks and website prompts. Does your favorite site suddenly have a prompt to confirm an action when it has never happened before? It could be clickjacking. While confirmations are common on websites, it should be a red flag if a site never had them. Test things out by clicking other buttons or links to see if they are all confirmed.
While clickjacking can occur on legitimate websites, it is an issue on spoofed or fake websites. Make sure you are correctly typing in the URL or web address. A single typo could cost you.
Hopefully, this will give you tips to help you stay safe from clickjacking scams. By staying informed and taking these precautions, you can significantly reduce your risk of falling victim to clickjacking scams.
If you have any questions, please reach out. I am always available.
Burton Kelso is the Chief Tech Expert at Integral, an IT support and computer services company, TEDx, and a national speaker, as well as a media tech expert who regularly appears on national and international TV and radio shows, offering viewers easy tips on computers, technology, internet lifestyle, and gadgets. He loves technology, he has read all of the manuals, and he is serious about making technology fun, safe, and easy to use for everyone! Burton can be reached at burton@burtonkelso.com.
Sign up to subscribe for My Tech Tips Newsletter each week.