
Clickjacking attack | how hackers steal your banking info?


Clickjacking is an attack that fools users into thinking they are clicking on one thing when they are actually clicking on another. Its other name, user interface (UI) redressing, better describes what is going on.

In simple terms, clickjacking is a disguised cyberattack: you are baited into clicking on a webpage element that is not what it appears to be and is, in fact, another HTML element in disguise. Unaware of the actual threat, you click, and something harmful enters your PC or smartphone, such as malware that can even steal your banking information or sensitive personal data.

 

 

These are the types of Clickjacking:

 

Some specific types of Clickjacking have been given their own names. One of them is Likejacking, which disguises a Facebook ‘Like’ button. Facebook users hit that Like button thinking it belongs to something they would actually like, but instead the ‘Like’ gets registered for some other Facebook page, with the users totally oblivious to the truth. The same has happened with a Twitter page, where the supposed Like actually ended up re-tweeting the location of the malicious web link, causing it to reach more people.

 

Another form of Clickjacking is Cursorjacking, which works in the same way, only this time the cursor’s position on your screen is not where you see it.



How can hackers use this ‘trick’?



Here is an example of how hackers employ this trick. They first create a page that is likely to attract the target’s attention, such as an offer of a free gift, a free iPhone or a trip somewhere. That page also contains an invisible iframe holding another page, with a clickable on-screen button for some other function, like “transfer funds” or “enable” some function. The free gift button is aligned just above, let’s say, an “enable permission” button, and when the user clicks thinking it is the gift button, the click actually goes to the other button.

 

Clickjacking has been used earlier to alter the security settings of Flash player, which allowed a Flash animation to get control over the microphone and camera of a certain PC.
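
The invisible iframe described above only works if the target page lets other sites embed it, which a site controls with the X-Frame-Options header or the Content-Security-Policy frame-ancestors directive. The following is an added example, not part of the original article: a small JavaScript check a site owner can run over a page's response headers; the function names and the sample headers are constructed for illustration.

```javascript
// Added example: decide from response headers whether any other site may load
// the page inside an iframe. Header names are expected in lower case, the way
// Node's http module delivers them.

function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of String(csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") {
      return sources.map((s) => s.toLowerCase());
    }
  }
  return null;
}

function framingPolicy(headers) {
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers enforce it and ignore X-Frame-Options.
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { framableByAnySite: false, reason: "CSP frame-ancestors matches no origin" };
    }
    const open = sources.some((s) => s === "*" || s === "http:" || s === "https:");
    return open
      ? { framableByAnySite: true, reason: "CSP frame-ancestors allows any origin" }
      : { framableByAnySite: false, reason: "CSP frame-ancestors limited to " + sources.join(" ") };
  }
  const xfo = String(headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY" || xfo === "SAMEORIGIN") {
    return { framableByAnySite: false, reason: "X-Frame-Options " + xfo };
  }
  if (xfo.startsWith("ALLOW-FROM")) {
    // ALLOW-FROM is obsolete; current browsers ignore it, so it gives no protection.
    return { framableByAnySite: true, reason: "X-Frame-Options ALLOW-FROM is ignored" };
  }
  return { framableByAnySite: true, reason: "no framing restriction sent" };
}

// Constructed sample responses (not captured from any real site).
const samples = [
  {},
  { "x-frame-options": "SAMEORIGIN" },
  { "content-security-policy": "default-src 'self'; frame-ancestors 'none'" },
];
for (const h of samples) console.log(JSON.stringify(h), "->", framingPolicy(h).reason);
```

A page that reports `framableByAnySite: true` and offers one-click actions (payments, permission changes, likes) is the kind of page the overlay trick relies on.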

How is social engineering used in clickjacking?

Cybercriminals use social engineering to disguise threats as material that doesn’t look blatantly malicious. Some of the most commonly used social engineering techniques in recent clickjacking attacks include the following:

  • Exclusive Clips. These are threats that claim to have photos or videos of exclusive content. Users who want to see this “exclusive content” end up being tricked into clicking the malicious link.
  • Latest Updates on World News. Clickjacking attacks also take advantage of the latest news to disguise themselves. Updates on significant events may attract users who want to be updated in real time.
  • Breaking Entertainment News, Gossip. Entertainment news and anything related to showbiz controversies and intrigue (including hoaxes) can be used to trick users.
  • Promos, Contests. Users are enticed by any good contest or promo. However, in their desire to win, they may end up becoming victims of a clickjacking attack.

How do cybercriminals set up the attack?

Similar to KOOBFACE attacks, the people behind clickjacking attacks create dummy accounts on social networking sites.

Here’s a rundown of the steps that clickjacking attackers take to carry out the threat:

  1. Set up dummy accounts on social media, such as blog sites.
  2. Create posts that contain malicious scripts. These posts also include images or videos that employ social engineering techniques.
  3. Create a Facebook page that links to the malicious blog entries.

 

What happens once users click on these posts?

Once users click these wall posts, they are led to a page that gives further instructions to click another link. However, this only leads the frustrated user to another Web page. There are also instances where users only need to click once to trigger the threat.

Here are two common forms of clickjacking that have been noted on Facebook.

 

Wall Posts Redirects to Several Pages

Users may encounter a post on their Facebook feed about a supposed video of a celebrity, a browser extension, or a contest. Instead of seeing the content promised in the description, they are redirected to several other pages until they land on a Web page that asks for personal information such as mobile numbers and email addresses.

Cybercriminals may then use this information to spam more users and for other malicious activities.

 

How could users avoid this threat?

There are many ways for users to avoid this threat. Here are some simple steps that’ll do the trick:

  1. Be wary of clicking links posted on your Facebook feeds.
  2. Restrict your social media contacts to people you know personally.
  3. Study the privacy settings of your social networking site of choice. Make sure that your connection to these sites is secured (https://) as this may help in blocking malicious posts or sites.
  4. If possible, make your profile on Facebook private. Other than guarding your privacy, it also lessens the chances of encountering malicious users online.
  5. To know the latest news and updates about world events, promos, etc. consider bookmarking credible news sites instead of solely relying on social media.
  6. Proactively report or tag suspicious posts seen on social networking sites.

 


As an independent media venture, Kashmir Patriot is dependent on donations from readers and philanthropically minded individuals (who, by law, must be Indian citizens) for the bulk of its revenue. 
