A deceptive technique where an attacker tricks a user into clicking on something different from what they see, by layering invisible or disguised elements over a legitimate web page.
Clickjacking, also known as a "UI redress attack," makes users believe they're clicking a legitimate button when they're actually clicking on a hidden element controlled by the attacker. The technique uses transparent iframes layered over visible content.
This can lead to unintended actions: enabling a webcam, sharing personal data, clicking "Like" on a Facebook page, downloading malware, or making a purchase. The victim believes they clicked a harmless button while actually triggering a completely different action.
While less commonly associated with traditional scams, clickjacking is used in social engineering, ad fraud, and unauthorized data collection. It demonstrates how attackers exploit the gap between what users see and what actually happens.
A clickjacking attack targeted Facebook users by showing a "Watch this video" button that was actually aligned with Facebook's hidden "Like" button. Users unknowingly liked scam pages, which then appeared in their friends' feeds, spreading the scam virally.
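Because the technique depends on the legitimate page being rendered inside a frame on someone else's site, a defender can check whether a page's response headers forbid that. The following is an added example, not part of the original page: it classifies the anti-framing headers of a response, modelled on how current browsers evaluate them. The function names and the sample header values in the comments are assumptions constructed for illustration.

```javascript
// Added example, not from the original page. Header names are expected in lower case;
// a value may be a string or an array (repeated header). Sample values are constructed.
const RANK = ['any', 'allowlist', 'same-origin', 'deny']; // weakest to strictest

function classifyAncestors(sources) {
  if (sources.length === 0 || sources.every((s) => s === "'none'")) return 'deny';
  // "*" or a bare scheme such as "https:" lets practically any site frame the page.
  if (sources.some((s) => s === '*' || /^[a-z][a-z0-9+.-]*:$/.test(s))) return 'any';
  if (sources.every((s) => s === "'self'")) return 'same-origin';
  return 'allowlist'; // e.g. "frame-ancestors https://portal.example"
}

function framingPolicy(headers) {
  const values = (name) => [].concat(headers[name] ?? []);

  // Only the enforcing header counts; content-security-policy-report-only blocks nothing.
  const verdicts = [];
  for (const policy of values('content-security-policy').flatMap((v) => v.split(','))) {
    for (const directive of policy.split(';')) {
      const [name, ...sources] = directive.trim().toLowerCase().split(/\s+/);
      if (name === 'frame-ancestors') {
        verdicts.push(classifyAncestors(sources));
        break; // within one policy the first occurrence of a directive wins
      }
    }
  }
  if (verdicts.length > 0) {
    // Every policy must allow the embedder, so the strictest one sets the floor.
    // Browsers that honour frame-ancestors then ignore X-Frame-Options.
    const verdict = verdicts.reduce((a, b) => (RANK.indexOf(b) > RANK.indexOf(a) ? b : a));
    return { source: 'csp', verdict };
  }

  const xfo = new Set(values('x-frame-options').flatMap((v) => v.split(','))
    .map((v) => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.size === 0) return { source: 'none', verdict: 'any' };
  const known = ['deny', 'sameorigin', 'allowall'].some((v) => xfo.has(v));
  // Conflicting values that include a recognised one cause the frame to be blocked.
  if (xfo.size > 1) return { source: 'xfo', verdict: known ? 'deny' : 'any' };
  if (xfo.has('deny')) return { source: 'xfo', verdict: 'deny' };
  if (xfo.has('sameorigin')) return { source: 'xfo', verdict: 'same-origin' };
  return { source: 'xfo', verdict: 'any' }; // ALLOW-FROM and unknown values are not enforced
}
```

A verdict of `any` means a page on any other site can load this response in a frame, which is the precondition for the overlay described above.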