What Is Clickjacking?
Clickjacking is exactly what it sounds like: hijacking your click. It’s a way to trick Internet users into clicking on something they wouldn’t click on voluntarily. It’s achieved through visual misinformation: the user clicks on a link expecting it to be something else. For example, a pop-up ad can be made to look like a Microsoft Windows error window that can be closed by clicking on the X button in the top right corner. The user clicks with the intention of closing the window, but in reality the X button opens a link to another page or performs some other unwanted action.
Another example will be familiar to anyone who has attempted to download something from a file-sharing domain. The page contains more than one “Download” button, and sometimes the number of these buttons gets quite absurd, to the point where some users might give up on downloading the file altogether. Those are just two examples, but clickjacking can take many forms, from fake ads (click here to win an iPhone) to downloading malware. It can be harmless, even a simple prank, but sometimes clickjacking can have negative consequences.
How Does Clickjacking Work?
Normally, a user interface has the simple goal of telling the user what he or she is about to do. Clickjacking developers have the exact opposite intention: deceiving the user into clicking something they don’t want to click. It’s a simple yet effective way to redirect people to places they wouldn’t normally visit or actions they wouldn’t normally take.
Social Media Clickjacking
Social media websites have loads of buttons to click. That makes them very clickjack friendly. Let’s take a look at the most popular websites and what clickjacking possibilities they offer:
- Facebook – likejacking, sharejacking, followjacking are well-established staples of clickjacking. Funnily enough, with the inclusion of the new “Reaction” buttons, LOVEjacking, ANGRYjacking and HAHAjacking are all possible now.
- Twitter – another clickjack-friendly site. Dishonest Twitter users can boost their followers and their retweeted and favourited posts through clickjacking.
- YouTube – though YouTube is not exactly a social media site, clickjacking is also common for its content. It can be used to add more Thumbs up or even Thumbs down to a video, or to trick people into subscribing to a YouTube channel.
The reason why social media users, especially businesses, are more prone to clickjacking than a regular site is the advertising value a well-liked (as in a large number of Facebook likes) social media profile might have. It can also be used by individuals who want to attract more attention to their profiles purely for narcissistic reasons.
Clickjacking Could Pose a Serious Security Threat
While social media clickjacking is dishonest, it’s mostly harmless to the user whose click has been hijacked. The uglier side of this internet trick is malware spreading and theft of personal information. The two most dangerous types of clickjacking are:
- Site cloning – a wrong click on a malicious clickjack link in a legitimate site can redirect you to a cloned version of the web page. That can lead to all sorts of problems. Any usernames, passwords, and codes entered into the fake site go directly to its creators. That way they can access your profiles, which can lead to identity theft, theft of bank account information and other security risks.
- Download buttons – they deliver malware to your computer. That happens when a button on a web page masquerades as a program the user might want to download. Once clicked, the file gets downloaded to the PC and infects it. PUPs (potentially unwanted programs) also rely heavily on this method of distribution.
Protection from Clickjacking
While it can be hard to determine whether what you click on is a genuine link or a fake one, you can still take a few steps to prevent your click from being jacked. Avoid visiting suspicious websites, especially torrent trackers and other dubious file-sharing services. Don’t click on ads that promise something too good to be true, like winning an iPhone, a million dollars, or the location of the fountain of youth. Another Internet phenomenon that you shouldn’t click on is the vague post like “You won’t believe what X celebrity wore on Y event”, accompanied by a provocative photo, usually of a sexy girl. In addition to that, most mainstream browsers like Google Chrome, Mozilla Firefox, and Opera offer add-ons that can warn you against clickjacking.