Web Clickjacking Fraud Makes a Comeback

Clickjackings have been around for more than a decade, utilizing various forms and techniques. Web clickjackings utilize elements on a web page for a hidden purpose, often to trick users into clicking on an advertisement. The techniques employed continue to evolve with the use of JavaScript. Three different methods were found: interception by hyperlinks, interception by event handlers, and interception by visual deception. Some websites work with third-party scripts to hijack user clicks for monetization. The NJCCIC recommends users refrain from clicking on suspicious advertisements, links, or other elements within websites and keep all hardware, software, and anti-virus/anti-malware updated. We also advise users to review the OWASP website and the Sophos article for more information on clickjacking.