[Term of the Day]: Clickjacking

Term of the Day 
 

“Clickjacking”

 

Definition — What is Clickjacking?



Clickjacking, or UI redressing, is a common cybersecurity attack. It was first identified in 2008 by Robert Hansen and Jeremiah Grossman. In this attack, an attacker creates an invisible page or HTML element that overlays the legitimate page. The overlay is meant to trick the user into clicking a particular button or element that appears authentic and attractive. Users may not realize that a hidden UI is layered over the original site. When they click specific links or buttons on the page, the click is hijacked, and they are routed to a completely different website.

 

The internet and technology have revolutionized not just our lives but those of cyber attackers as well. Attackers have leveraged new technology to find new and innovative ways to orchestrate hacks, malicious attacks, breaches, and so on. Clickjacking itself is not the end goal of the attack; it is simply a means of launching some other attack by making users think they are doing something safe. The actual attack can be virtually anything possible via web pages, ranging from malicious actions such as installing malware or stealing credentials to less harmful ones such as boosting ad revenue on sites or gaining likes on Facebook.

Clickjacking mitigation

There are two general ways to defend against clickjacking:

  • Client-side methods: the most common is called Frame Busting. Client-side methods can be effective in some cases but are not considered best practice because they can be easily bypassed.
  • Server-side methods: the most common is X-Frame-Options. Security experts recommend server-side methods as an effective way to defend against clickjacking.
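
A server-side header only protects a page if it is actually sent and carries a value browsers act on. The following is an added example, not part of the original article: a small auditor that checks a response's headers for X-Frame-Options. It goes beyond the article by also reading the Content-Security-Policy frame-ancestors directive, the standardized successor to X-Frame-Options. The function names and the header sets in SAMPLES are constructed for illustration.

```python
# Added example: audit a response's headers for anti-framing protection.
VALID_XFO = {"DENY", "SAMEORIGIN"}

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP header, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def audit_framing(headers):
    """headers: list of (name, value) pairs. Returns (verdict, reason)."""
    csp_lists = [fa for n, v in headers if n.lower() == "content-security-policy"
                 for fa in [frame_ancestors(v)] if fa is not None]
    if csp_lists:
        # Every CSP header is enforced, so one restrictive list is enough.
        if any("*" not in fa for fa in csp_lists):
            return ("protected", "CSP frame-ancestors restricts framing")
        # frame-ancestors takes precedence over X-Frame-Options when present.
        return ("weak", "frame-ancestors * permits any origin")
    # Collect X-Frame-Options tokens across repeated and comma-joined headers.
    xfo = {tok.strip().upper() for n, v in headers
           if n.lower() == "x-frame-options" for tok in v.split(",") if tok.strip()}
    if not xfo:
        return ("missing", "no X-Frame-Options or frame-ancestors sent")
    if any(tok.startswith("ALLOW-FROM") for tok in xfo):
        return ("weak", "ALLOW-FROM is obsolete; current browsers ignore it")
    if len(xfo) > 1 or not xfo <= VALID_XFO:
        return ("weak", "conflicting or unrecognized value: " + ", ".join(sorted(xfo)))
    return ("protected", "X-Frame-Options: " + xfo.pop())

SAMPLES = {  # constructed header sets, not captured traffic
    "none": [("Content-Type", "text/html")],
    "deny": [("X-Frame-Options", "DENY")],
    "typo": [("x-frame-options", "SAME-ORIGIN")],
    "legacy": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_framing(hdrs))
```

The "typo" and "legacy" cases are the ones worth watching for in a review: the header is present, so a presence-only check passes, yet the value gives no dependable protection.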

