Clickjack Attack

What Does Clickjack Attack Mean?

A clickjack attack is a malicious technique used by an attacker to record the infected user’s clicks on the Internet. This can be used to direct traffic to a specific site or to make a user like or accept a Facebook application. More nefarious purposes might be to collect sensitive information saved on a browser, such as passwords, or to install malicious content.

Advertisements

This type of attack is also known as clickjacking or UI readdressing.

Techopedia Explains Clickjack Attack

Normally, a clickjack exploitation is carried out by placing a concealed link over a valid button. However, the exploitation may also include the following:

  • Deceiving users into enabling their microphones and webcams via Flash
  • Fooling users into making their social media profile details public
  • Making infected users unknowingly follow somebody on Twitter

A clickjack attack can be implemented by using IFRAMEs, which are HTML elements that draw content from other locations such as other websites. Clickjack attackers can embed an IFRAME on any website and overlay the invisible IFRAME on top of a legitimate button. When the user clicks the legitimate button, the attacker’s button or link is actually being clicked.

What makes this a very powerful way of attacking is that it is actually done within the bounds of the HTML specification, which means that the website is working as expected. The attackers are just exploiting this feature for malicious attacks. The World Wide Web Consortium (W3C) is trying to define a new standard that will make it possible for websites to disallow outside interference.

Website administrators may not know that something is wrong until complaints come in from users. It is hard to pinpoint that an attack has taken place because everything on the site looks the same and the clickjack element has been thoroughly disguised as harmless.

The NoScript add-on for Mozilla, the Gazelle Web browser, and the Framekiller JavaScript snippet are some measures that can be used to protect against a clickjack attack.

Advertisements

Related Terms

Latest Buzzwords and Jargon Terms

Related Reading

Margaret Rouse
Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…

Related News

dummy_img
Blockchain

Experts Roundtable: What DEXs Must Do Better for Adoption

Iliana Mavrou12 years
dummy_img
Artificial Intelligence

AI Alliance: More Than 50 Organizations Cast Wide Safety Net

Nicole Willing12 years
dummy_img
Featured Content

Chimpzee (CHMPZ) Will Soon End Its Presale, Enter Now Before Inevitable 10x Growth After Exchange Listing

Alan Draper12 yearsEditor-in-Chief
dummy_img
Artificial Intelligence

Understanding DePIN Protocols: How AI and Crypto Fit Together

Mensholong Lepcha12 yearsCrypto & Blockchain Writer
dummy_img
Artificial Intelligence

12 Best AI Books: What To Read If You Want to Learn & Earn

Tim Keary12 yearsTechnology Expert
dummy_img
Buzzwords and Jargon

8 Tech Terms & Buzzwords You Need to Know for 2024

Neil C. Hughes12 yearsSenior Tech Writer

Popular Categories
Show All

Antivirus
Antivirus
Artificial Intelligence
Artificial Intelligence
Audio
Audio
CRM
CRM
Cryptocurrency
Cryptocurrency
Gambling
Gambling
Gaming
Gaming
HR
HR
Investing
Investing
Laptops
Laptops
Network
Network
Password Managers
Password Managers
Project Management
Project Management
Spy
Spy
VoIP
VoIP
VPN
VPN