Tuesday Tip: Have You Ever Been Clickjacked?

By Kristen Evangelista

You are probably trying to imagine what this is: does it mean someone is trying to steal my car, or something else? The answer is partially yes; someone is trying to steal something. Clickjacking is when a spammer/attacker/phisher tricks you into clicking on something you didn’t intend to click on. The most common approach is for the attacker to present the user with a mix of two overlaid web pages in the browser window and some kind of incentive to click in specified places. This is just one of a number of ways that you can be hacked through email.

They can trick you by sending you to an ad or rogue website and then switching out certain elements when you go to click on something.

The scammers continue to get more clever and can use such methods as:

  • Using a brown/black dot that appears like dust on the screen
  • Using a brown/black curve object that looks like hair on the screen
  • Relying on the user trying to wipe away the dust or hair on the screen, which activates the link

Be aware that touch screens open a whole new world of attacks that scammers can now use to try and trick you. Keep in mind that a piece of dust on the computer screen may not really be dust or hair. Continue to educate yourself so that you are aware.

There are multiple reasons/motivations for clickjacking attacks:

  • Getting users to download malware
  • Gaining control over a computer or mobile device
  • Gaining access to peripheral hardware
  • Getting users to post/like/publish/follow pages, groups, etc. on social media platforms without the person’s knowledge

So how can you prevent clickjacking attacks so that you do not lose money, customers or brand value? Keep your web applications secure from third-party vulnerabilities by using a Web Application Firewall such as AppTrana or an automated web security scanner like Tinfoil. You can also run periodic security assessments of your websites to learn about the risks in your applications and get suggestions on how to fix them.
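A periodic assessment can include checking that each page tells the browser not to render it inside another site's frame, which is what the overlaid-page trick depends on. The Python sketch below is an added example, not part of the original post; it goes beyond the post by using the standard `X-Frame-Options` and CSP `frame-ancestors` response headers, and the paths and header sets in it are constructed sample data.

```python
# Added example: constructed header sets, not captured from any real site.
SAMPLE_RESPONSES = {
    "/login":    {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
    "/account":  {"X-Frame-Options": "SAMEORIGIN"},
    "/widget":   {"Content-Security-Policy": "frame-ancestors https: 'self'",
                  "X-Frame-Options": "DENY"},
    "/legacy":   {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "/reports":  {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "/transfer": {"Content-Type": "text/html"},
}

def _frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP string, or None if absent."""
    for directive in csp.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def assess_framing(headers):
    """Return (verdict, reason); verdict is 'protected', 'weak' or 'unprotected'."""
    h = {k.lower(): v for k, v in headers.items()}
    sources = _frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # An enforced frame-ancestors directive takes precedence over X-Frame-Options.
        broad = [s for s in sources if s == "*" or s.endswith(":")]
        if broad:
            return "weak", "frame-ancestors allows any site matching " + " ".join(broad)
        return "protected", "frame-ancestors " + " ".join(sources)
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo
    if xfo:
        # ALLOW-FROM is obsolete and not honoured by current browsers.
        return "weak", "X-Frame-Options value is not DENY or SAMEORIGIN: " + xfo
    if _frame_ancestors(h.get("content-security-policy-report-only", "")) is not None:
        return "unprotected", "frame-ancestors is report-only, so framing is not blocked"
    return "unprotected", "no anti-framing header"

def audit(responses):
    """Map each path to its verdict and return the paths that need attention."""
    results = {path: assess_framing(hdrs) for path, hdrs in responses.items()}
    return results, sorted(p for p, (v, _) in results.items() if v != "protected")

if __name__ == "__main__":
    results, flagged = audit(SAMPLE_RESPONSES)
    for path, (verdict, reason) in results.items():
        print(f"{path:10} {verdict:12} {reason}")
```

Pages that perform sensitive actions on a click (login, payments, account changes) are the ones where a "weak" or "unprotected" verdict matters most.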

Keep in mind that clickjacking is about deceiving the user and exploiting their trust in what they see in the browser window. As most web browsing traffic now occurs on mobile devices, the potential for creating misleading user interfaces has increased and just protecting traditional web browser access will not be enough. The challenges for users continue and it is up to us to continue to be diligent and aware.

Kristen Evangelista: In her role as Client Manager II with Network 1, Kristen is the liaison and main point of contact for clients in both the medical and financial professions. She is skilled at listening to her clients’ needs and acting as a liaison between them and the field engineers and support team.

Network 1 designs, builds and supports the IT you need to run your business more securely, productively and successfully. Whether you want to outsource all of your IT needs to a reliable, responsive, service-oriented company, or need to supplement the work of your internal IT staff, we will carefully evaluate where you are now, discuss where you want to go and implement and support a plan to get you there with as little interruption as possible.
