What is Clickjacking? Is is Click Fraud?
Phishing, Internet Fraud, and "Likejacking" Can Cost You Money, Damage Your Reputation
A form of internet fraud that may be unknown to users is “clickjacking” or essentially misusing a click on a page (or link) for nefarious purposes. Lately, there is also concern about “likejacking” where a user unwittingly endorses a page by clicking on a link that looks fairly innocuous. Clickjacking can be accomplished by way of embedded code, links, and scripts that execute without the user’s knowledge.
Clickjacking Examples:
1. Similar to “Rickrolling” someone sends you a link to a video but there is a hidden page over the video. Clicking on the apparent destination page results in an action taken on the hidden page. This can be done for click fraud or other purposes, and you may find yourself going to an infected site, voting for a page you don’t want (bad for your Facebook profile) or otherwise distracted. Someone may be selling traffic to a site and getting it there by sending you on a wild goose chase.
2. Adding follows and links on social media sites, making information public, or giving permission to activate a microphone and camera. Similar attacks can cause installation of keyloggers or spyware.
Clickjacking solutions:
Newer versions of browsers may provide some protection against clickjacking, but this involves having good security settings. There are add-ons for Firefox which could prevent clickjacking. http://noscript.net/faq#clearclick
Note that clickjacking could also be used for phishing attacks since a link from one site may look like a legitimate path to a real site that is actually phony. As always, it pays to watch your URLs when you are going to online banking or social media sites, since there are some very convincing sites out there.
Notes and Special Information
Special note: Not all internet fraud is clickjacking, but this threat is emerging as more people find ways to siphon off traffic.