What is clickjacking?
First officially in 2008 by web security experts Robert Hansen and Jeremiah Grossman, clickjacking is when a seemingly harmless link or button on a web page can instead prove disastrous. With a single click the user can subsequently be rendered helpless in the control of their computer or inadvertently reveal confidential information. You can easily recognize those potentially harmful links if you learn how to follow the internet security tips!
This malicious attack, also known as a User Interface redressing is a hidden layer of code or an opaque overlay that fools the user and ‘hijacks’ – hence the term – actions which they initially believed were to ‘Press to play’ or ‘Order here’. Basically it involves the positioning of a corrupt button directly over one such as these
Facebook, Twitter and Adobe have all been victims of such attacks with differing consequences with users of the latter seemingly initially most vulnerable which, when corrupted can allow hijackers visual and audio real time access to their quarry.
The risk to your business
The potential threat to businesses is similar to those for the individual but can have far reaching consequences. If browsing a clickjacked site, the recognisable and normally trusted ‘Skip This Ad’ prompt may have been over layered with an invisible web page, which may instead delete all messages, reveal the user’s client information or financial details
Having such historical data, customer interaction or simple contact particulars erased can cripple a company’s operational capabilities, a situation that could take years to rectify causing irreparable damage in the process
Other indirect repercussions could be that the ghost site sends a mass email to the browsers address book that contains other spam or virus content. It multiplies the effects of the attack and potentially destroying the credibility of the assumed sender
Who has been a victim?
One of the first high profile scams in 2010 saw Facebook plagued by supposed ‘Likes’ of commands such as “click here for Justin Beiber’s phone number” which then showed a “like’ on that user’s page
More recently Twitter faces a click jacking problem. When a spate of direct message appears with the message ‘Did you see this picture of you lol’. Seemingly harmless enough and it will surely spike one’s curiosity, upon clicking users will enter in to a fake Twitter page which is going to steal their password for the social network.
In 2012 a more serious example saw a US hacker network generate over $14 million via four million people in over 100 countries
The limitations of these cyber crimes are apparent. Firstly this method relies on engagement with the user and the reliance on some form of action. This dependency reduces the opportunity significantly. Secondly the early detection of clickjacking enabled the development of numerous combative methods, which subsequently eradicated or significantly reduced the problem when implemented. Such awareness has significantly impacted on the potency of the perpetrator.
Prevent Clickjack
As with any form of spam, common sense is your first defence. Any offer or guarantee that seems you should ignore that. If there is any doubt whatsoever in the authenticity of what is on screen, don’t consider clicking
So, if you ever see an unusual video and it is from a social media site, the chances are it is a scam. If it is genuine it will available on Youtube so check it out there
Similarly having opened a link, if you are required to complete some form of survey or enter further details before you can proceed, it is likely to be fake
You should check the security of the social site, such as making your Facebook account private and only viewable by your friends. This negates a clickjacker’s ability to access your page
As with all forms of hacking be wary of emails without a subject or direct messages that are suspicious. To add extra protection against the vulnerability of your email inbox use spam filters.
Firewalls are also a valuable tool in preventing access. To your browser or sites that you visit and will offer significant protection against numerous hacking scenarios not just clickjacking. Some have doubted the ability of a firewall and other methods to keep the clickjacker away. However having an extra line of defense can only be of benefit
With all these plug-ins and applications regularly update them, as older versions tend to be more susceptible to attack.
What if it’s too late?
Remove any suspicious posts on your social media platforms. Check for any downloads or applications that may have appeared that you were unaware of
Update all your security systems and finally check your phone bill. If you have fallen victim to a serious cyber crime you may be in for a nasty surprise. But, don’t let it be too late! The prevention is everything! Follow the cyber security tips!
Related Products