Clickjacking facts for kids
Clickjacking is a sneaky trick that makes you click on something you didn't mean to. It's also called a "UI redress attack" or "UI redressing" because it messes with the user interface (UI). This trick can make you share private information or even let someone control your computer. It happens when you click on what looks like a normal website.
This problem affects how web browsers work. It's a security flaw found in many different browsers and devices. A clickjack uses hidden computer code or a script that runs without you knowing. For example, you might click a button that looks like it does one thing, but it actually does something else. The word "clickjacking" was first used by Jeremiah Grossman and Robert Hansen in 2008.
How Clickjacking Works
Clickjacking is possible because parts of a website that seem harmless can be used in unexpected ways.
In a clickjacking attack, attackers put an invisible website on top of the one you're looking at. You think you're clicking a button on the visible page. But you are actually clicking something on the hidden, invisible page. The hidden page is often a real website. This tricks you into doing things you never meant to do. It's hard to trace these actions back to the attackers later. This is because you were truly logged in on the hidden site.
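Because the trick needs the real website to load invisibly inside another page, a website can tell the browser not to let other sites put it in a frame. The code below is an added example, not part of the original page. It checks a response's headers for the two standard ways of saying that: `X-Frame-Options` and the `frame-ancestors` part of `Content-Security-Policy`. The function name `framingProtection` and the sample headers are made up for illustration.

```javascript
// Added example: decide whether a response lets other websites put this
// page inside a frame, which is what a clickjacking overlay needs.
// framingProtection() is a hypothetical helper name, not a browser API.
function framingProtection(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // 1. Content-Security-Policy: when frame-ancestors is present, browsers
  //    use it and ignore X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  for (const directive of csp.split(";")) {
    const parts = directive.trim().split(/\s+/);
    if (parts[0].toLowerCase() !== "frame-ancestors") continue;
    const sources = parts.slice(1).map((s) => s.toLowerCase());
    // An empty list matches nothing, the same as 'none'.
    if (sources.length === 0) return "blocked";
    if (sources.length === 1 && sources[0] === "'none'") return "blocked";
    if (sources.includes("*")) return "unprotected";
    if (sources.every((s) => s === "'self'")) return "same-origin only";
    return "allow-list";
  }

  // 2. Older header: only DENY and SAMEORIGIN are widely honoured;
  //    ALLOW-FROM is obsolete and treated here as no protection.
  const xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "blocked";
  if (xfo === "SAMEORIGIN") return "same-origin only";
  return "unprotected";
}

// Constructed sample responses (not captured from any real site).
const samples = [
  { "Content-Type": "text/html" },
  { "X-Frame-Options": "SAMEORIGIN" },
  { "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'" },
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", framingProtection(s));
}
```

A result of "unprotected" means any other website could load the page in an invisible frame, which is the setup described above.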
Real-Life Examples of Clickjacking
Imagine you get an email with a link to a video. You click the "PLAY" button to watch it. But secretly, an invisible website, like a shopping page from Amazon.com, is placed over the play button. When you click "PLAY," you might actually be buying something from Amazon! This trick works best if you are already logged into Amazon and have "1-click ordering" turned on.
Other ways clickjacking has been used include:
- Tricking people into turning on their webcam and microphone using Adobe Flash. (This problem has since been fixed.)
- Making users share their private social media information with everyone.
- Getting users to download and run harmful software (malware). This software can let an attacker take control of their computer.
- Making users follow someone on Twitter.
- Getting users to share or "like" links on Facebook.
- Getting "likes" on a Facebook fan page or "+1"s on Google Plus.
- Playing YouTube videos to unfairly increase their view count.
- Making someone follow another person on Facebook.
What is Likejacking?
Likejacking is a specific type of clickjacking. It tricks users into "liking" a Facebook page they didn't mean to like. The name "likejacking" came from a comment by Corey Ballou. He explained how Facebook's "like" button could be used for malicious activities.