We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is Clickjacking?

By Ken Black
Updated: May 16, 2024

Clickjacking is a malicious software form that can seemingly take control of the links that an Internet browser displays for various Web pages. Once that takes place, and once a user tries to click on that link, the user is taken to a site that is unintended. In some cases, the user may be able to recognize this immediately; in other cases, the user may be totally unaware of what took place.

Clickjacking occurs when a malicious program is embedded into a Web site. This program hovers under the user's mouse, according to Jeremiah Grossman, a security researcher dealing with Internet issues. Once the user clicks, usually on a link but it can be anywhere on the page, a new Web site may appear or software may be downloaded and clickjacking has occurred.

The possibilities for how clickjacking software could be abused are endless. There are a number of things that have major Web sites and companies especially alarmed. First is the fact the program can run on virtually any Web site without the Web site owner's knowledge or ability to stop it. Second, clickjacking can take the user to a mirror site while still making them believe they are on the Web site of the company and mine personal information, often which is freely given. Third, no browser, except the very few that are not based on graphics, is immune from clickjacking software.

In addition to stealing personal data, such as bank account information, credit card information and Social Security numbers, clickjacking can also install a number of software applications on a computer without the user's knowledge. This software could be harmful viruses, spyware or adware. The latter may not be extremely harmful in nature but it often presents a big problem for computers.

Details on how clickjacking works, other than the basic information already listed, are being closely guarded. Browsers and Internet security software companies are working on a security patch that would help correct the situation. However, that may take some time.

Other than using a text-based browser, such as Lynx™, there is not much that can be done at this point. Those employing some sort of a solution will find the Internet browsing will become far different than what they used to. There are applications, such as NoScript™, that can block Java and script applications from running on a browser, but this would render some Web sites virtually useless.

EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
By Matis — On Jul 03, 2011

Out of curiosity, I was wondering how to clickjack, and how difficult it really is. I don’t know a great deal about computers. I’m more likely to be the person who is a victim of something like this.

The individual who is perpetrating a clickjacking, if you will, seems to have many ways to do this. I was surprised that someone could embed an invisible link underneath a button to take over the link and send the user to a different site completely.

I am concerned enough about all the ways I can accidentally cause my computer to self-destruct. I certainly don’t need help from some virus or spyware. And, I really don’t want my personal information stolen! I hope there is a good fix for this soon.

By Andras — On Jul 02, 2011

You can find articles with clickjacking examples by doing a quick search. Hopefully we can arm ourselves against these attacks as much as possible until there are better ways to get rid of them all together.

Even worse than the ‘like’ buttons on Facebook are the ‘flattr’ micropayment buttons being used on other sites. A user can incorporate a ‘flattr’ button on their page to be given a monetary reward by someone who likes their site.

These are being used by clickjackers to get the payments themselves. There is no way to reverse the ‘flattr’, so you are stuck with it if you get clickjacked.

By liz1103 — On Jul 01, 2011

This is a completely new threat for me. I knew to be aware of things like Trojans, and phishing, and the like. But clickjacking? I have never heard of it before now. I know a lot of us use social networking sites.

I just read that clickjacking attacks are being done with Facebook’s ‘like’ buttons. I don’t want to click on anything! The people behind these clickjacking attacks are pretty sneaky. The best advice I have read so far is to be leery of any posts that seem out of character for your social network friends. Hopefully as this information becomes more widespread, there will be a quick end to clickjacking.

Share
https://www.easytechjunkie.com/what-is-clickjacking.htm
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.