Click Jacking

November 23, 2017
Fraud Prevention tips

Clicking Gone Wrong: Click Jacking and Click Baiting

Many computer users love the internet, and using it inevitably means opening a browser. We do a lot on the web, such as online shopping, social interaction and reading our emails.

But clicking too much on the web can come with serious repercussions due to a known vulnerability in HTML itself. A simple click can potentially make you a phishing victim.

Clickjacking, as the name suggests, forces you to perform a function by clicking. Sounds simple? It does, but let’s see how simple by checking out the image below:

Sample Function: The user will only see the picture of the woman. The LinkedIn form will not be visible, but it will still serve its function once the user clicks on the picture. The function will vary depending on what the attacker programmed into the hidden form.

Another example could be an email with a link to a winning raffle entry. After you click it, it will take you to a page saying that you won. See photo:

After you click, it is possible that in the background you have already purchased an item on Amazon. Assuming that you are logged in to your Amazon account, that “purchase” will be made on your account. The hacker can only send a single click, so their success depends on whether you are logged in through your browser at the time you click the bait.

In Flash, there used to be an exploit that tricked users into enabling their webcam and microphone.

Aside from taking advantage of vulnerabilities in HTML, a new clicking technique has been used lately to grow the social media audience of a blog or news site. It is literally called clickbait. How does it work? Articles with twisted titles and catchy photos and captions easily catch the attention of viewers and followers, who are then taken to an article that is sometimes far from what was advertised, or to a page loaded with ads. Then comes the clickjacking technique, embedded in one of the elements of the page. It is a hard-to-escape social engineering technique.

Prevention

A user who is not aware of clickjacking would not be able to protect themselves, so fraud prevention, fraud alerts and cybercrime solutions are needed to stop fraud. Awareness is the key, but is that enough? Of course not, so here are some fraud prevention tips:

On Mozilla Firefox desktop and mobile, you can get a browser extension named NoScript to help protect you from clickjacking.

What if you are a website owner and you want to protect your site from hackers who maliciously inject code for clickbait? This matters especially if you own an e-commerce shop where you collect vital customer information for purchases and registration; an unprotected site could become a clickjacking nest for hackers who would use it for phishing activities. Not only is the security of your customers jeopardized, your website’s reputation will also be affected. Here is a fraud prevention tip:

Protect your website from user interface redressing by adding a framekiller JavaScript template to the pages that you do not want displayed inside frames on external pages.
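An added example, not from the original article: a framekiller in the hide-by-default style, paired with the `X-Frame-Options` and `Content-Security-Policy: frame-ancestors` response headers, which go beyond the JavaScript-only tip above because they still apply when scripts do not run. The function names and the `antiClickjack` element id are assumptions made for illustration.

```javascript
// Added example; function names and the "antiClickjack" id are illustrative.

// Framekiller logic, written against window/document-like objects so it can
// also be exercised outside a browser. In a page: frameGuard(window, document).
function frameGuard(win, doc) {
  const hidden = doc.getElementById("antiClickjack");
  if (win.self === win.top) {
    // Not framed: remove the style that hides the page body.
    if (hidden) hidden.parentNode.removeChild(hidden);
    return "shown";
  }
  // Framed: leave the body hidden and try to navigate the top window to us.
  try {
    win.top.location = win.self.location.href;
  } catch (e) {
    // Top navigation was blocked; the page simply stays hidden.
  }
  return "hidden";
}

// Wrap page content so it is hidden by default and only revealed by the
// guard. If the script never runs, the user sees nothing to click on.
function protectedPage(bodyHtml) {
  return [
    "<!doctype html><html><head>",
    '<style id="antiClickjack">body{display:none !important;}</style>',
    "<script>" + frameGuard.toString() + "\nframeGuard(window, document);</script>",
    "</head><body>" + bodyHtml + "</body></html>",
  ].join("\n");
}

// Response headers that tell the browser itself to refuse framing.
// Use "SAMEORIGIN" / "frame-ancestors 'self'" if the site frames its own pages.
function antiFramingHeaders() {
  return {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
  };
}
```

Send the headers on every response that renders sensitive forms or buttons, and keep the script as a fallback for browsers that ignore the headers.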

Prevention is better than cure for both users and owners of websites.
