Clickjacking
An attack where users are tricked into clicking on malicious elements hidden on a webpage.
Understanding Clickjacking
Clickjacking manipulates the visual presentation of a webpage, typically by loading a legitimate page in an invisible frame over decoy content, so that users believe they are interacting with a safe UI while their clicks actually land on elements the attacker has chosen. The attack bypasses many traditional defenses because it exploits human interaction rather than a software vulnerability in the targeted site.
Types of Clickjacking Attacks
Likejacking – Tricks users into unknowingly "liking" social media posts.
Cursorjacking – Manipulates cursor positioning to mislead users.
Clipboard Hijacking – Replaces copied text with attacker-controlled content (e.g., replacing a Bitcoin wallet address).
Permission Hijacking – Tricks users into enabling webcam, microphone, or location tracking.
Best Practices for Prevention
Implement X-Frame-Options Headers – Instructs the browser not to render the page inside a frame on another site (DENY or SAMEORIGIN).
Use Content Security Policy (CSP) – Its frame-ancestors directive controls which origins may embed the page; CSP also restricts the execution of unauthorized scripts.
Frame Busting Techniques – Client-side JavaScript that breaks the page out of a frame when it detects it has been embedded; a fallback only, since it can be defeated when scripts are blocked, so headers remain the primary control.
User Awareness – Educating users about suspicious clicks can reduce risk.
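The two header-based controls above can be emitted and verified in code. The following is an added example, not code from the original page: it builds the anti-framing response headers a site should send and checks whether a given set of response headers actually stops cross-origin framing (the precondition for clickjacking). The origin https://app.example is a constructed placeholder.

```python
"""Added example: build anti-framing response headers and check whether a
response is protected against being embedded by other origins."""
from typing import Mapping, Optional


def anti_framing_headers(allowed_origin: Optional[str] = None) -> dict:
    """Headers a defender should send. With no allowed_origin, forbid all framing.
    'https://app.example' (in the test) is a constructed placeholder origin."""
    if allowed_origin is None:
        return {
            "X-Frame-Options": "DENY",
            "Content-Security-Policy": "frame-ancestors 'none'",
        }
    # X-Frame-Options cannot express a third-party allow-list (ALLOW-FROM is
    # not honoured by modern browsers), so CSP carries the allow-list and
    # SAMEORIGIN serves as the fallback for browsers without CSP support.
    return {
        "X-Frame-Options": "SAMEORIGIN",
        "Content-Security-Policy": f"frame-ancestors 'self' {allowed_origin}",
    }


def _csp_frame_ancestors(csp: str) -> Optional[list]:
    """Return the frame-ancestors source list, or None if the directive is absent."""
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_protected(headers: Mapping[str, str]) -> bool:
    """True if browsers will refuse to render this response inside a frame on
    an arbitrary third-party site. Header names are matched case-insensitively."""
    lower = {k.lower(): v for k, v in headers.items()}
    ancestors = _csp_frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        # When both headers are present, CSP frame-ancestors takes precedence.
        # A wildcard or a bare scheme source lets any site embed the page;
        # an empty source list is equivalent to 'none'.
        return not any(a in ("*", "http:", "https:") for a in ancestors)
    xfo = lower.get("x-frame-options", "").strip().upper()
    # Only DENY and SAMEORIGIN are reliable; ALLOW-FROM and malformed
    # values are ignored by current browsers and give no protection.
    return xfo in ("DENY", "SAMEORIGIN")
```

Running framing_protected over the headers returned by a real deployment is a quick way to confirm the control is present before relying on frame busting as a last resort.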