CLICKJACKING

Be alert when you are using websites that contain many ads. Creating ads are the current trending way into tricking users to visit malicious pages. For an example, if you are viewing an e-commerce/online shopping web page and there is a alert with the caption “iPhone is now at $1” and a button saying “Click here to buy it”. These kinds of ads are the most common target of the attackers. You will notice that, if you click the ad or button, you will be redirected to another non-related (malicious) sites – exactly what the hacker wants. If the criminal redirects the user to a download function, this makes a pathway for malicious scripts, trojans or viruses to enter your machines. In smartphones, a hacker can redirect the user to download an application which could completely compromise your phone.

What is click-jacking?

A malicious technique (hijack the clicks of the user in the webpage) that followed by the attackers to trick the user to click another website.

How to prevent hijacking?

As mere web users, we cannot do anything. What we can do is BE AWARE and BE ALERT. X-frame (CSP – content security policy) option can be set by the developer to be a medium of click-jacking as this option provides a header which can’t be indicated through a browser by using “<frame> or <iframe> or <object>”.

CAPTCHA is another solution to prevent this attack. CAPTCHA will not eliminate the clickjacking but by its verification after the user’s click will slow down the attack and reduce its operations. It provides some time intervals to the web users to get rid of the attack.

Benjamin Sahayanathan

References:

https://www.owasp.org/index.php/Clickjacking
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://www.google.com/recaptcha/intro/android.html

Related posts

Leave a Reply

Your email address will not be published. Required fields are marked *