Clickjacking techniques involve convincing the user to click on something that they did not intend to click. This approach is often used to spread malware or gain unauthorized control of devices. This section explains the history of clickjacking, its many evolutions throughout the history of the web, and best practices for preventing clickjacking attacks.

Clickjacking attacks have been around for over a decade, but they are still being used across the world to install malware and collect personally identifiable information. Also known as a User Interface Redress Attack, or UI Redress for short, clickjacking involves fooling the user into clicking on something different than intended. This is typically done to cause an unwanted download or escalate the privileges of malicious software. This section will explore the origins of clickjacking, the several variations of the technique, and how users or organizations can protect themselves from clickjacking attacks.

Clickjacking attacks are often invisible and very difficult to detect. Most clickjacking attempts can be blocked directly by the site administrator. Aside from the script mentioned earlier, Internet Explorer developed measures in 2009 that partially protected against clickjacking attacks. As a user, preventing clickjacking attacks is a matter of prescience and awareness. Ensuring the web page matches the URL, being aware of invisible “clickable” sections of a web page, and being aware of false web buttons are all ways that a user can prevent clickjacking attacks. Web browser extensions and add-ons like NoScript have features that specifically prevent users from clicking on invisible sections of a website.

In summary, clickjacking is a web-based hacking technique that has seen much use and evolved into many different forms. In each iteration, the basic idea is the same: convince the user to click on something that they did not intend to click on. Clickjacking has evolved into cursorjacking, likejacking, browserless clickjacking, and many other adapted forms. Each form of the attack serves a separate purpose, with the ultimate purpose to convince the user to unknowingly carry out unauthorized actions. Prevention of clickjacking attacks falls on site administrators and individual users. Site owners can install scripts that prevent clickjacking attacks, and users can install anti-clickjacking add-ons for their browser and employ safe web practices.