You are probably trying to imagine what this is: does it mean someone is trying to steal my car, or something else? The answer is partially yes: someone is trying to steal something. Clickjacking is when a spammer, attacker or phisher tricks you into clicking on something you didn’t intend to click on. In the most common approach, the attacker presents the user with a mix of two overlaid web pages in the browser window, along with some kind of incentive to click in specified places. This is just one of a number of ways that you can be hacked through email.
They can trick you by sending you to an ad or rogue website, and then switch out certain elements when you go to click on something.
Scammers continue to get more clever and can use tricks such as:
- A brown/black dot that looks like dust on the screen
- A brown/black curved object that looks like a hair on the screen
- In both cases, the user tries to wipe away the dust or hair on the screen and activates the link
Be aware that touch screens open a whole new world of attacks that scammers can now use to try and trick you. Keep in mind that a piece of dust on the computer screen may not really be dust or hair. Continue to educate yourself so that you are aware.
There are multiple reasons/motivations for clickjacking attacks:
- Getting users to download malware
- Gaining control over a computer or mobile device
- Gaining access to peripheral hardware
- Getting users to post/like/publish/follow pages, groups, etc. on social media platforms without the person’s knowledge
So how can you prevent clickjacking attacks so that you do not lose money, customers or brand value? Keep your web applications secure against vulnerabilities from third parties by using a Web Application Firewall such as AppTrana, or use an automated web security scanner like Tinfoil. You can also carry out periodic security assessments of your websites to learn about the risks in your applications and get suggestions on how to fix them.
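One check such an assessment can include, shown as an added example that is not from the original article: because the attack relies on overlaying your page inside another one, the script classifies whether a response tells the browser to refuse framing. It assumes the standard `Content-Security-Policy: frame-ancestors` and `X-Frame-Options` response headers, which the article does not name; the function name, verdict labels and sample headers are constructed for illustration.

```python
# Added example: classify a response's anti-framing (clickjacking) headers.
# Verdicts and sample headers are constructed for illustration.

def framing_policy(headers):
    """Return (verdict, reason); verdict is 'protected', 'weak' or 'unprotected'."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    weak_csp = None

    # A comma separates independent CSP policies and the browser enforces all
    # of them, so one restrictive frame-ancestors directive is enough.
    for policy in h.get("content-security-policy", "").split(","):
        for directive in policy.split(";"):
            parts = directive.split()
            if not parts or parts[0].lower() != "frame-ancestors":
                continue
            sources = [s.lower() for s in parts[1:]]
            broad = [s for s in sources if s in ("*", "http:", "https:")]
            if sources and not broad:
                return ("protected", "CSP frame-ancestors " + " ".join(sources))
            weak_csp = "CSP frame-ancestors is empty or matches any site"
            break  # only the first frame-ancestors in a policy counts

    # Browsers that honour frame-ancestors ignore X-Frame-Options when it is
    # present, so a permissive CSP is not rescued by X-Frame-Options: DENY.
    if weak_csp:
        return ("weak", weak_csp)

    xfo = {v.strip().upper() for v in h.get("x-frame-options", "").split(",") if v.strip()}
    if xfo and xfo <= {"DENY", "SAMEORIGIN"}:
        return ("protected", "X-Frame-Options " + ", ".join(sorted(xfo)))
    if xfo:
        # ALLOW-FROM is obsolete and ignored by current browsers; treat any
        # value other than DENY/SAMEORIGIN as needing review.
        return ("weak", "X-Frame-Options value not enforced: " + ", ".join(sorted(xfo)))
    return ("unprotected", "no anti-framing header; the page can be overlaid in a frame")


if __name__ == "__main__":
    samples = {  # constructed responses
        "strict CSP": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        "legacy header": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        "no header": {"Content-Type": "text/html"},
    }
    for name, hdrs in samples.items():
        print(name, "->", framing_policy(hdrs))
```

A "weak" or "unprotected" verdict on a page that carries buttons or forms is the finding to fix first, since those are the clicks an overlay would target.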
Keep in mind that clickjacking is about deceiving the user and exploiting their trust in what they see in the browser window. As most web browsing traffic now occurs on mobile devices, the potential for creating misleading user interfaces has increased and just protecting traditional web browser access will not be enough. The challenges for users continue and it is up to us to continue to be diligent and aware.