“Clickjacking”: The Art of Hiding a Scam in Plain Sight

Even savvy computer users can fall for “clickjacking,” the latest trick that hides a scam on a seemingly safe webpage. It works by making victims think they are clicking a harmless link, when they are really activating a scam.

How the Scam Works:   computer hacker 150x150 Clickjacking: The Art of Hiding a Scam in Plain Sight

It starts like most online phishing scams. You receive an email, social media message or text that directs you to a website. For example, scammers may claim to be from a major store chain, and they are giving away something cool like a free iPad. They instruct you to go to a website and enter to win.

When you get to the site, everything looks normal. But scammers have hidden links and other content on the page using a web design trick. In addition to the content you can see, scammers have added an invisible layer. They set the opacity to zero, so the content is transparent but still active.

You complete the form and hit the “Register Now!” button. But scammers have placed an invisible link on top of the register button. This is “clickjacking.” You think your click is entering you for the free gift, but you are really activating some code. This code can do anything from ordering something on Amazon (using the “one click” purchase feature) to changing the settings on your computer. This technique is also used to trick you into “liking” something on Facebook that normally wouldn’t. This is called “likejacking.”

How to Spot a Clickjacking Scam:   

  1. If it seems too good to be true, it probably is. Don’t set yourself up for “clickjacking” by going to the website in the first place. Stay away from teasers for sensational videos (Click here to see shocking footage!) and offers that are too good to be real (Free Hawaiian vacations!).
  2. Update your web browser. The newest versions of browsers have security updates that warn you of suspicious websites.
  3. Log out of websites. Many clickjacking scams take advantage of web users’ habit of staying logged into sites like Facebook or Amazon. This makes it easier for scammers to “like” or even purchase something in your name
  4. Don’t believe what you see. It’s easy to steal the colors, logos and header of any other established organization. Just because a site looks real, it does not mean it is.

For More Information

Read more about how “clickjacking” works on Wikipedia.

To find out more about scams, check out BBB Scam Stopper.

Related Posts:

avatar

About Emily Patterson