Cybercriminals exploiting clickjacking to hijack your data

Among the techniques used by cybercriminals is clickjacking. In this case, scammers exploit secure websites for their activities.

Innocently clicking "Like" or subscribing to a newsletter on a website can result in installing harmful software and activating code that allows hackers to access passwords or monitor keystrokes. The technique known as clickjacking involves cybercriminals exploiting secure websites to carry out attacks.

Imagine a situation where you're asked to fill out a paper form with your data, such as your username, password, and other confidential information. Unfortunately, someone has placed a transparent film over the form. An unsuspecting person writes their data on the film, thinking they are writing on the form, while the original remains empty. The film with the data ends up in the hands of the scammers, while the empty form goes to the recipient, unaware of the deception.

A similar mechanism is used in clickjacking attacks, where cybercriminals overlay a malicious, invisible layer on legitimate and trusted websites. Users clicking on what appears to be safe links or forms may unknowingly be handing their data over to scammers.

Cybercriminals using the clickjacking technique have several options for action. The most basic method, placing a transparent layer over the entire website, is relatively simple to implement. However, it is also easier to detect by advanced protection systems like EDR (Endpoint Detection and Response), which are designed to identify such threats.

Therefore, other tricks are employed, such as hiding different objects on the official site or introducing new ones. These could be posts deceptively similar to those found on social media. Clicking the "Like" button can trigger an unwanted action, like downloading malicious code or turning on a webcam. In other cases, these are fake login forms, and the sensitive data entered into them goes straight to the cybercriminals' database and can be used or resold further.

Such attacks are complex and difficult to identify. Particularly concerning is the fact that the ability to detect such activities from the perspective of the average internet user is limited (although there are some preventive measures), and implementing proper website protections usually requires the help of specialists.

– Victims cannot see the danger due to the hidden nature of these activities. However, there are certain symptoms that can raise suspicions in an aware internet user. For example, if, after clicking a consent window for data processing, there is a noticeable, quick content change or the site does not respond to clicks, this could indicate an attempt at fraud. If, in such or a similar situation, a red warning light goes off in the user's head, it's worth reporting this to the website administrator, who can take appropriate actions to verify the case and possibly restore the site's security – advises Robert Dąbrowski, head of the engineering team at Fortinet's Polish branch.

The responsibility for protecting against clickjacking attacks primarily lies with website owners. Developer teams that install appropriate protective mechanisms on servers can implement the most effective defensive measures. These mechanisms control the content displayed on the pages and block the presentation of potentially dangerous content in the browser.

Companies can also take additional steps to protect their employees and customers. Educating the staff is crucial; employees should be aware that they can react more quickly to threats and notify the appropriate specialists. Another important measure is installing a next-generation firewall (NGFW) with an application firewall function. Such a firewall protects against typical network threats and is capable of recognizing and blocking emerging threats, including clickjacking.

There should always be up-to-date protective software on the users' computers with a function for scanning opened websites. It is also essential to remember the systematic updating of the operating system and web browsers – certain methods of clickjacking previously used by cybercriminals have been blocked thanks to appropriate software protections.

Due to the continuous evolution of data presentation methods on the global network, cyberattacks like clickjacking will continue to be carried out. Victims will be enticed into performing unexpected actions on websites that look identical to those previously used. Therefore, efforts to educate for awareness that leads to thwarting cyberattacks through quick reporting of suspicious situations to administrators should not cease. But simultaneously, it is necessary to implement appropriate technical solutions that minimize the threat level.