What Is Click Jacking?

No matter how many graphics you see, or how many web apps you run across, you must remember that the life blood of the internet is its linking capabilities. Without the ability to link to other parts of the web, the internet itself would be lifeless. With links, we are able to discover new parts of the internet that we didn’t even know we were looking for. For example, you might be looking for a town with a certain name. So you search in Google and when you find the town and their web site you see that the town is famous because a certain celebrity was born there. You now click on the link where the celebrity name is at and you are now off to another part of the web where the adventure awaits. This is the power that links hold. But sometimes that power can be abused.

That power can be abused by what is known as a click jacking attack. The mechanics of this type of attack are very simple but it still fools people all of the time. What you do to commence this type of attack is to set up a web page with certain images on there. Or it can be text but most of these attacks use images since they are most likely to be clicked on. So you have the image but unbeknownst to the visitor of the web site there is another link on top of that image. It is just set to be invisible so you cannot see it. So once you try to click on that picture, you will soon see that you are not being directed to where you thought you were supposed to go. You are actually on a different web page all together. And on this web page your computer can be getting attacked.

Most black hat hackers use this trick to make money, so instead of a piece of malware infecting your machine, you actually clicked an affiliate ad of some sort.

Click jacking is a simple attack that is still used all of the time. Just try to be careful so you do not fall for it.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. I’ve seen that Krebs post now, thanks. Did laugh when I read that he was secretly on the forum himself 😀

  2. Thats a very interesting site Dave. Have you ever considered creating your own? You must have a huge wealth of information to share…

    • Not me, i tried once years ago but it just wasnt me so i gave it up after a short time.

      • Thats a shame – I bet any blog or web site you had would have made a cracking read.

        • It may have been but i really dont have the time to do anything else. Sometimes i am spread way to thin now trying to keep up with what i do have out there. Then i went an added G+ so that really put some extra time on me.
          I wouldnt change it, i enjoy it an i know it helps a lot of users.

          • I know what you mean about being spread too thin – I had my hours cut at work and yet I seem to have less spare time than ever now :/

  3. Thats the reason i warn users to be careful when they use search engines to look up something, i tell them to look before they click, an make sure they are using a link scanner.
    Thank goodness many AV programs now have link scanners included.
    When someone starts using Firefox i suggest that they use NoScript to help keep them safe while surfing.

Trackbacks

  1. […] is a bunch of different ways that they do this. Most of the ways is through some sort of technical means. But for the most part this is how a lot of black hat hackers make their money. So if you are […]

Speak Your Mind

*