Clickjacking is an attack in which the victim believes they are clicking a visible, harmless element on a page but is actually clicking a hidden element of a website they trust. The attacker loads the trusted site invisibly, usually in a transparent iframe positioned over decoy content, so the click goes to the real site together with the victim's session cookies and performs a real action there.
Sometimes the hijacked click looks trivial. A scammer posing as a marketer might use it to collect likes for a Facebook page, a tactic termed likejacking. The same mechanism can drive far more harmful actions: a hidden click can confirm a download or installation prompt for malware, or approve a permission dialog that gives a site access to the webcam, and variants of the technique are used to trick victims into revealing passwords or other typed input.
Cursorjacking is another variation. Here the attacker displays a custom cursor image offset from the real pointer, so the victim clicks somewhere other than where the visible cursor appears to be. In more sophisticated scenarios, victims enter usernames, passwords, or credit card details into what they perceive as a familiar, trustworthy site, while the input actually goes to fields the attacker controls, and the attacker harvests the data.
The attack is also referred to as a user interface (UI) redress attack; the term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008.
Clickjacking may resemble spoofing, in which attackers replicate a website or landing page to deceive users into believing it is authentic, but it works at a more intricate level. In a clickjacking scheme the victim interacts with the genuine website of a reputable entity, not a copy: the attacker embeds the real page in their own page using ordinary HTML features, typically an iframe that custom cascading style sheets (CSS) make transparent and position over the decoy content, so that the attacker's page and the legitimate one are superimposed.

Types of Clickjacking Attacks
There are many types of clickjacking attacks, and they keep getting more complex as the open nature of the web and ongoing advances in web frameworks and CSS give attackers new layout tricks.
Classic Clickjacking
loads the content of a chosen website or service invisibly over a decoy page, so that users of that site are tricked into performing actions on it that they never intended.
Likejacking
is an early form of clickjacking focused on inflating views and likes on particular web pages or videos; it is typically considered harmless and is less common today.
Cursorjacking
occurs when attackers replace the user’s cursor with a fake one to trick them into unknowingly clicking on malicious elements.
Cookiejacking
is a tactic for obtaining cookies stored in the victim's browser, usually by enticing the user into a seemingly harmless drag-and-drop on the attacker's page that moves content from the framed site, cookies included, into an element the attacker controls.
Filejacking
abuses the browser's file and folder selection dialogs: a user who thinks they are choosing where to save a download is actually selecting a folder to upload, handing its contents to the attacker. Related UI-redress tricks target the prompts that grant a site access to the microphone or location.
Complete Transparent Overlay
One of the most prevalent clickjacking methods loads the legitimate page in an invisible iframe placed on top of the attacker's decoy page. Users see only the decoy and do not realise that their clicks land on the hidden legitimate page.
Cropping
A more intricate technique overlays only selected controls: the attacker positions and clips the framed page so that a single button or link shows through, or covers parts of it with their own elements, replacing hyperlinks with redirects, altering button text, or modifying surrounding content to confuse users.
Hidden Overlay
This includes tactics like cursorjacking, where a tiny, effectively undetectable iframe is kept under the mouse cursor so that wherever the user clicks, the click goes to the framed page.
Click Event Dropping
Here the attacker's visible decoy layer sits on top of the frame but is given the CSS property pointer-events: none, so clicks pass straight through it to the hidden page beneath. The decoy appears not to respond, while the real action is performed underneath.
Rapid Content Replacement
Sophisticated attackers may rapidly replace overlays to register clicks on potentially malicious buttons or links without users noticing the switch.
Beyond overlay methods, attackers use other tactics like:
Scrolling
Creating a seemingly harmless dialog box or pop-up whose buttons lead to a malicious page, potentially circumventing ad blockers.
Repositioning
Quickly moving a trusted UI element while users are distracted, leading them to inadvertently click on the moved element.
Drag and Drop
Tricking users into interacting with web forms that capture personal information for malicious use.
As web technologies evolve, clickjacking and similar cyberattacks will persist, requiring vigilance to detect and mitigate suspicious activity promptly, particularly in large organizations where employees and customers engage with web properties extensively. Reporting unusual behavior promptly to security teams is crucial for thwarting potential cyberattacks.
How to Prevent Clickjacking?
Fortunately, there are several measures an organization can implement to safeguard its employees, customers, and other stakeholders from clickjacking. The most effective are server-side HTTP response headers, typically managed by the web development team, which require some coding proficiency and an understanding of how browsers handle framing.
Prevent Framing
A Content Security Policy (CSP) with a frame-ancestors directive tells the browser which origins, if any, may load the page inside a frame, iframe, embed, or object on another site. Content-Security-Policy: frame-ancestors 'none' forbids framing entirely, 'self' allows only same-origin pages, and an explicit list of origins allows trusted partners. The directive does not inherit from default-src, so a policy that restricts scripts, styles, and other resources to approved sources but never mentions frame-ancestors leaves the page frameable.
X-Frame-Options
The older X-Frame-Options response header also controls whether a page may be rendered in a frame, embed, or object. It was introduced with Internet Explorer 8 and is now honoured by all major browsers, with two usable values: DENY, which forbids framing, and SAMEORIGIN, which permits it only from the same origin. The ALLOW-FROM value is obsolete, and browsers ignore the header altogether when its value is unrecognised, so a misspelled value offers no protection. When a CSP frame-ancestors directive is also present, the CSP directive takes precedence; sending both headers remains good practice for older clients.
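To make the precedence rules concrete, here is an added example (not code from the original article) that evaluates a response's headers the way a browser does and reports which mechanism, if any, stops a foreign page from framing it. The header values, the page URL https://bank.example/login, and the embedder origins are constructed for the example.

```javascript
// Added example, not from the original article: evaluate a response's
// headers the way a browser does before letting embedderUrl frame pageUrl.
// A CSP frame-ancestors directive takes precedence over X-Frame-Options, and
// default-src never covers framing. All header values and URLs below are
// constructed for the example.

function originOf(urlString) {
  const u = new URL(urlString);
  return `${u.protocol}//${u.host}`;
}

// frame-ancestors source list from the first CSP header that sets one, or
// null when none does. A bare "frame-ancestors" yields [] and allows nothing.
function frameAncestors(headers) {
  const raw = headers["content-security-policy"];
  if (!raw) return null;
  for (const policy of Array.isArray(raw) ? raw : [raw]) {
    for (const directive of policy.split(";")) {
      const tokens = directive.trim().split(/\s+/);
      if (tokens[0].toLowerCase() === "frame-ancestors") {
        return tokens.slice(1).map((t) => t.replace(/^'|'$/g, "").toLowerCase());
      }
    }
  }
  return null;
}

// Match one source expression: 'none', 'self', *, a scheme (https:), or a
// host with optional scheme, wildcard subdomain and port.
function sourceMatches(source, embedderOrigin, pageOrigin) {
  if (source === "none") return false;
  if (source === "self") return embedderOrigin === pageOrigin;
  if (source === "*") return true;
  const e = new URL(embedderOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(source)) return e.protocol === source;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && e.protocol !== scheme + ":") return false;
  if (wildcard ? !e.hostname.endsWith("." + host) : e.hostname !== host) return false;
  if (port && port !== "*") {
    const ePort = e.port || (e.protocol === "https:" ? "443" : "80");
    if (ePort !== port) return false;
  }
  return true;
}

// X-Frame-Options as browsers process it: DENY and SAMEORIGIN are honoured,
// conflicting multiple values block, and anything else, including the
// obsolete ALLOW-FROM, is ignored and leaves the page frameable.
function xfoAllows(value, embedderOrigin, pageOrigin) {
  if (!value) return true;
  const values = new Set(String(value).split(",").map((v) => v.trim().toLowerCase()).filter(Boolean));
  if (values.size > 1) return !["deny", "allowall", "sameorigin"].some((v) => values.has(v));
  const [only] = values;
  if (only === "deny") return false;
  if (only === "sameorigin") return embedderOrigin === pageOrigin;
  return true;
}

// True when a page at embedderUrl may load pageUrl in a frame.
function framingAllowed(headers, pageUrl, embedderUrl) {
  const pageOrigin = originOf(pageUrl);
  const embedderOrigin = originOf(embedderUrl);
  const ancestors = frameAncestors(headers);
  if (ancestors !== null) {
    // CSP wins: X-Frame-Options is ignored once frame-ancestors is present.
    return ancestors.some((s) => sourceMatches(s, embedderOrigin, pageOrigin));
  }
  return xfoAllows(headers["x-frame-options"], embedderOrigin, pageOrigin);
}

// Which mechanism, if any, keeps an arbitrary foreign origin from framing the page.
function protectionOf(headers, pageUrl) {
  if (framingAllowed(headers, pageUrl, "https://attacker.invalid")) return "frameable";
  return frameAncestors(headers) !== null ? "frame-ancestors" : "x-frame-options";
}

// Constructed sample responses for a page at https://bank.example/login.
const SAMPLES = {
  defaultSrcOnly: { "content-security-policy": "default-src 'self'" },
  xfoDeny: { "x-frame-options": "DENY" },
  xfoSameOrigin: { "x-frame-options": "sameorigin" },
  xfoObsolete: { "x-frame-options": "ALLOW-FROM https://partner.example" },
  bothHeaders: {
    "x-frame-options": "DENY",
    "content-security-policy": "default-src 'self'; frame-ancestors 'self' https://*.partner.example",
  },
};

const PAGE = "https://bank.example/login";
for (const [name, headers] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(15), protectionOf(headers, PAGE));
}
```

Two of the sample responses are the ones that catch people out: defaultSrcOnly has a CSP but is still frameable, and bothHeaders lets https://app.partner.example embed the page even though X-Frame-Options says DENY, because the frame-ancestors directive overrides it. The matcher simplifies the CSP source-expression grammar (paths and port-less scheme fallbacks are not handled), which is enough for a header audit but not a replacement for the browser.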
Browser Add-ons
Some web browsers support add-ons that block scripts and cross-site frames unless the site is explicitly trusted, preventing execution of the attacker's code. This is a client-side measure: it protects only the devices on which it is installed, so an organization must deploy it across employees' browsers and cannot rely on it to protect customers.
Framekiller
A framekiller (or framebuster) is a small piece of JavaScript in the protected page that serves a function akin to X-Frame-Options: it checks whether the current window is the top-level window and, if not, navigates the top window to the page itself so that it cannot be displayed inside a frame. It is weaker than the headers because an attacker can neutralise it, for example with the iframe sandbox attribute, which blocks top-level navigation, so the page should be hidden by default and revealed only once the check passes. Treat it as defence in depth behind the headers, not as a replacement.
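A hide-by-default framekiller, as an added example rather than code from the original article. The decision logic is a plain function so it can be exercised outside a browser against the constructed window stand-ins at the end, including a sandboxed iframe that refuses the break-out navigation; the style element id antiClickjack and the URLs are assumptions.

```javascript
// Added example, not from the original article: a hide-by-default framekiller.
// In a real page it is paired with a style element that hides the body until
// the check passes, for instance (assumed markup):
//   <style id="antiClickjack">body { display: none !important; }</style>
//
// win: window-like object with self, top and location
// doc: document-like object with getElementById
// Returns "shown" when the page is top-level and "hidden" when it is framed,
// whether or not the break-out navigation succeeded.
function runFramekiller(win, doc) {
  const hide = doc.getElementById("antiClickjack");
  // self === top is the one comparison that is safe across origins; reading
  // most other properties of a cross-origin top would throw a SecurityError.
  if (win.self === win.top) {
    if (hide && hide.parentNode) hide.parentNode.removeChild(hide);
    return "shown";
  }
  try {
    // Try to replace the attacker's page with our own, unframed.
    win.top.location = win.self.location;
  } catch (e) {
    // A sandboxed iframe without allow-top-navigation, or another bypass,
    // refused the navigation. The body stays hidden, so there is nothing
    // visible for the attacker to overlay.
  }
  return "hidden";
}

// Constructed stand-in for the document: a body holding the hiding style.
function fakeDocument() {
  const style = {};
  const body = { children: [style] };
  style.parentNode = {
    removeChild(node) { body.children = body.children.filter((c) => c !== node); },
  };
  return {
    getElementById: (id) => (id === "antiClickjack" && body.children.includes(style) ? style : null),
    bodyHidden: () => body.children.includes(style),
  };
}

// Simulate three situations: "top-level" (page loaded directly), "framed"
// (plain iframe on an attacker page) and "sandboxed" (iframe whose sandbox
// attribute blocks top-level navigation).
function simulate(kind) {
  const doc = fakeDocument();
  const page = { location: "https://bank.example/login" };
  page.self = page;
  let attackerUrl = "https://attacker.example/prize";
  const attackerTop = {
    get location() { return attackerUrl; },
    set location(url) {
      if (kind === "sandboxed") throw new Error("SecurityError: top navigation blocked");
      attackerUrl = url;
    },
  };
  page.top = kind === "top-level" ? page : attackerTop;
  const result = runFramekiller(page, doc);
  return { result, bodyHidden: doc.bodyHidden(), topUrl: page.top.location };
}

// In a browser, run the real check; under Node the stand-ins are used instead.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  runFramekiller(window, document);
} else {
  for (const kind of ["top-level", "framed", "sandboxed"]) {
    console.log(kind.padEnd(10), JSON.stringify(simulate(kind)));
  }
}
```

The point of the simulation is the third case: when the sandbox blocks the navigation, an older framekiller that merely tried to break out would leave the page fully rendered and clickable inside the attacker's frame, whereas the hide-by-default version leaves it blank.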
Strong Cybersecurity Solution
Deploying a robust cybersecurity platform such as a next-generation firewall (NGFW) helps shield networks from diverse threats, including clickjacking, by identifying and intercepting connections to known malicious sites and other suspicious activity in real time. A network device cannot see the overlay inside the victim's browser, however, so the framing headers on the application remain the primary control.
Employee Education
Employee training is vital: it enables staff to recognize and report suspicious activity, potentially thwarting an ongoing clickjacking attack. As part of broader cybersecurity education, employees should watch for anomalies in website interfaces or clicks that do not do what they expected, and promptly alert the security team when warranted.
Frequently Asked Questions
What is clickjacking, and how does it work?
Clickjacking is a type of cyber attack where users are tricked into clicking on elements of a webpage unknowingly. Attackers overlay deceptive elements on top of legitimate web content, leading users to unintentionally interact with malicious actions.
How can clickjacking attacks be carried out?
Clickjacking attacks can take various forms, such as complete transparent overlays, cropping, hidden overlays like cursorjacking, click event dropping, rapid content replacement, scrolling, repositioning, and drag and drop tactics.
What is the significance of preventing framing in clickjacking defense?
Preventing framing with a Content Security Policy (CSP) frame-ancestors directive stops the unauthorized embedding of website content on external sites, which is the mechanism clickjacking relies on.
How do X-Frame-Options contribute to clickjacking prevention?
X-Frame-Options, implemented as a response header, lets site operators control whether browsers render the page inside frames, embeds, or objects, blocking attempts to load the legitimate page inside an attacker's page and overlay it with decoy elements.
Are browser add-ons effective in preventing clickjacking?
Yes, browser add-ons can enhance protection by blocking scripts upon HTTP requests, thereby thwarting the execution of malicious code during clickjacking attempts.
What role does a framekiller play in clickjacking defense?
A framekiller, typically a short piece of JavaScript, prevents a page from being displayed within a frame by checking that it is the top-level window and breaking out of the frame otherwise. Because it can be bypassed, it should back up the framing headers rather than replace them.
How does a robust cybersecurity solution contribute to clickjacking prevention?
Next-generation firewall (NGFW) solutions, like Fortinet, offer real-time threat detection and interception capabilities, effectively safeguarding networks against various cyber threats, including clickjacking attacks.
Why is employee education crucial in combating clickjacking?
Employee training empowers individuals to recognize and report suspicious activity, enabling timely intervention to prevent or mitigate clickjacking attacks. Employees should remain vigilant for anomalies in website interfaces and promptly alert security teams when necessary.
Summary
Clickjacking poses a persistent threat, exploiting users' trust in legitimate websites for malicious purposes. However, proactive measures such as a CSP frame-ancestors directive, X-Frame-Options, framekillers, browser add-ons, and employee education can mitigate the risk. By staying vigilant and adopting effective defenses, organizations can protect themselves and their stakeholders from the dangers of clickjacking.


