Clickjacking is a malicious exploit in which user is lured to click on some clickable entity on the web page, which seems to be legitimate but the malicious code resides behind the clickable entity. Clickjacking is also known as User Interface redress attack, UI redress attack, UI redressing. The malicious code is executed without the user’s knowledge when he tends to click on some legit clickable entity on the web page.
A clickjacked web page consists of layers defined using iframe (to simplify, the single web page have other page residing in it). To make those layers invisible attackers set opacity to zero and the user is unaware about the malicious link or button resides behind the button that looks legit. The malicious code can be anything; it can hijack your cookies or delete all your messages from mail or make a transfer from bank account or download and install a malware.
Tips to protect from clickjacking attack
Protection from clickjacking is majority a admin side responsibility, but as a user we also have to take necessary actions to avoid being victim.
- Always check your browser for latest version and keep your browser updated. Always check for the latest version of installed plugins, especially flash and keep them updated.
- Install NoScript add-ons for Mozilla Firefox browser. If the certain web page you are visiting that you have doubt then use NoScript. You can choose the web entity for which you can enable or disable NoScript. Similarly you can use ScriptSafe for Google Chrome browser.
- Avoid visiting links from email and the link that are viral on social media. You can also become the victim of phishing attack by clicking on such non-recognized links.
- It is good practice to use security focused browser
Educate yourself with these cyber attacks and avoid being hacked or being victim of any scams. Spread the word of cyber security awareness with others. There are certain myths believed about the cyber security but you should ditch believing those cyber security myths now. We will be coming with more articles on cyber security awareness and educate our readers. Keep sharing. Subscribe for direct updates right in your inbox. Stay tuned to Tech Tunes.
Follow me on Twitter