Clickjacking: The Invisible Enemy, Stay Protected

Clickjacking attacks have been around on the web since 2008. They are now more active than before, reaching systems through Facebook users. Clickjacking is often called ‘the invisible enemy’ because it can neither be seen nor reasoned with.

What is Clickjacking

Clickjacking happens when someone on the internet, whether a scam artist or just a regular hacker, places a special interface element, such as a transparent layer or an invisible button, on top of a web page button that seems OK.

For example, there might be a button on the web page reading ‘Click here to see…(whatever)’, with an invisible button hidden on top of it. The invisible button will take you to a link showing content that you would otherwise never agree to click on.

The Result From the Clickjacking Attacks

Often the clickjacker sets up a frame, loads a legitimate website in it, and overlays invisible buttons on top of the real site. Clickjacking attacks are capable of:

  • Tricking you into enabling a camera or a microphone on your computer.
  • Tricking you into becoming a Twitter follower for someone you do not like.
  • Tricking you into changing your Facebook privacy settings.
  • Tricking you into “liking” things you do not normally like.

How to Protect Yourself From Clickjacking

There are two simple steps that you can follow to protect yourself from clickjacking:

Step 1. Update the Internet browser that you use, including the plug-ins.

You should always work with the latest version of your browser, so that you do not miss an upgrade that might keep you from being clickjacked. The security updates for Internet Explorer, Firefox, Chrome and other Internet browsers are important, so install them. Browser plug-ins should also be updated, as older versions might be vulnerable to clickjacking attacks.

Step 2. Run Software for Clickjacking detection & prevention.

Internet browsers usually have built-in clickjacking protection, but it is limited. That is why you should download a powerful clickjacking detection & prevention plug-in. Some of these plug-ins are free of charge. The best-known plug-ins for clickjacking detection & prevention include:

  • NoScript – Firefox anti-clickjacking plug-in, free of charge.
  • Comitari Web Protection Suite-Home Limited Edition – free version, feature limited.

You should know that preventing clickjacking is a shared responsibility between users and the developers of websites and web applications.
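
On the developer side of that shared responsibility, a site owner can check whether their own pages may be loaded inside another site's frame. The following is an added example, not part of the original article: it classifies a response's framing policy from the standard `X-Frame-Options` header and the CSP `frame-ancestors` directive (neither is named in the article); the function name `framingPolicy` and the sample headers are constructed.

```javascript
// Added example (not from the article): classify a response's framing policy.
// framingPolicy and the sample header sets below are constructed for illustration.
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalize them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // 1. CSP frame-ancestors. When present, browsers ignore X-Frame-Options.
  //    Comma-joined policies are all enforced, so the strictest one wins.
  const verdicts = [];
  const wide = (s) => s === '*' || /^https?:(\/\/\*)?$/.test(s);
  for (const policy of (h['content-security-policy'] || '').split(',')) {
    for (const directive of policy.split(';')) {
      const [name, ...rest] = directive.trim().split(/\s+/);
      if (name.toLowerCase() !== 'frame-ancestors') continue;
      const src = rest.map((s) => s.toLowerCase());
      if (src.length === 0 || src.every((s) => s === "'none'")) verdicts.push('blocked');
      else if (src.some(wide)) verdicts.push('open');
      else verdicts.push('restricted');
      break; // only the first frame-ancestors in a policy counts
    }
  }
  if (verdicts.includes('blocked')) return 'blocked';
  if (verdicts.includes('restricted')) return 'restricted';
  if (verdicts.length > 0) return 'open';

  // 2. X-Frame-Options fallback. ALLOW-FROM is obsolete and ignored by
  //    current browsers, so on its own it gives no protection.
  const xfo = [...new Set((h['x-frame-options'] || '').split(',')
    .map((v) => v.trim().toLowerCase()).filter(Boolean))];
  const valid = ['deny', 'sameorigin', 'allowall'];
  // Conflicting values that include a recognized one fail closed.
  if (xfo.length > 1) return xfo.some((v) => valid.includes(v)) ? 'blocked' : 'open';
  if (xfo[0] === 'deny') return 'blocked';
  if (xfo[0] === 'sameorigin') return 'restricted';
  return 'open'; // no usable policy: any site can frame this page
}

// Constructed samples: header sets a site operator might see on their own pages.
const samples = [
  {},
  { 'X-Frame-Options': 'SAMEORIGIN' },
  { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
];
for (const s of samples) console.log(framingPolicy(s), JSON.stringify(s));
```

A result of `open` means the page can be placed in a frame by any site, which is the precondition for the overlay described above; `restricted` limits framing to the same origin or to listed origins, and `blocked` refuses it entirely.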