A clickjack attack is a malicious technique used by an attacker to record the infected user’s clicks on the Internet. This can be used to direct traffic to a specific site or to make a user like or accept a Facebook application. More nefarious purposes might be to collect sensitive information saved on a browser, such as passwords, or to install malicious content.
This type of attack is also known as clickjacking or UI redressing.
Normally, a clickjack exploitation is carried out by placing a concealed link over a valid button. However, the exploitation may also include the following:
A clickjack attack can be implemented by using IFRAMEs, which are HTML elements that draw content from other locations such as other websites. Clickjack attackers can embed an IFRAME on any website and overlay the invisible IFRAME on top of a legitimate button. When the user clicks the legitimate button, the attacker’s button or link is actually being clicked.
What makes this attack so powerful is that it operates entirely within the bounds of the HTML specification, which means that the website is working as expected. The attackers are simply abusing a legitimate feature, the ability to embed content from other sites, for malicious purposes. The World Wide Web Consortium (W3C) is trying to define a new standard that will make it possible for websites to disallow outside interference.
Website administrators may not know that something is wrong until complaints come in from users. It is hard to pinpoint that an attack has taken place because everything on the site looks the same and the clickjack element has been thoroughly disguised as harmless.
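Because a framed page looks normal to its owner, one practical check is whether the site's own responses tell browsers to refuse framing. The following is an added example, not part of the original article: it classifies a response's anti-framing headers, `X-Frame-Options` and the `frame-ancestors` directive of `Content-Security-Policy`, which the article does not name. The function names, verdict labels and input shape are assumptions made for illustration.

```javascript
// Added example (not from the original page). Classifies a response's
// anti-framing headers as "blocked", "restricted" or "open".
const STRICTNESS = { open: 0, restricted: 1, blocked: 2 };

// Classify the source list of one frame-ancestors directive.
function classifySources(sources) {
  const list = sources.map((s) => s.toLowerCase());
  if (list.length === 0 || list.every((s) => s === "'none'")) return "blocked";
  // "*" or a bare scheme such as "https:" lets any site on that scheme frame the page.
  if (list.some((s) => s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s))) return "open";
  return "restricted"; // 'self' and/or an explicit host allow-list
}

// headers: plain object of response headers; a repeated header is assumed
// to be already joined with ", " as HTTP libraries usually do.
function framingPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // Only the enforcing CSP header counts; the Report-Only variant blocks nothing.
  const verdicts = [];
  for (const policy of (h["content-security-policy"] || "").split(",")) {
    for (const directive of policy.split(";")) {
      const [name, ...sources] = directive.trim().split(/\s+/);
      if (name.toLowerCase() === "frame-ancestors") {
        verdicts.push(classifySources(sources));
        break; // a repeated directive inside one policy is ignored
      }
    }
  }
  if (verdicts.length > 0) {
    // All policies must allow the embed, so the strictest one decides.
    // When frame-ancestors is enforced, X-Frame-Options is ignored.
    const strictest = verdicts.reduce((a, b) => (STRICTNESS[a] >= STRICTNESS[b] ? a : b));
    return { verdict: strictest, via: "csp" };
  }

  // X-Frame-Options fallback (single-valued header assumed).
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return { verdict: "blocked", via: "xfo" };
  if (xfo === "SAMEORIGIN") return { verdict: "restricted", via: "xfo" };
  // Missing header, or a value current browsers do not honour (e.g. ALLOW-FROM).
  return { verdict: "open", via: xfo ? "xfo-unsupported" : "none" };
}
```

A verdict of "open" means any third-party page can embed the response in an IFRAME, which is the precondition for the overlay described above.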
Margaret is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical business audience. Over the past twenty years, her IT definitions have been published by Que in an encyclopedia of technology terms and cited in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine, and Discovery Magazine. She joined Techopedia in 2011. Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages.