Clickjack attack

Consumers warned of ‘clickjacking’ scam

Seemingly harmless ploy can cause woe

• Special to the Times Record News
• Posted July 6, 2013 at 5:15 a.m.
Wichita Falls, TX

Better Business Bureau

Even savvy computer users can fall for “clickjacking,” the latest trick that hides a scam on a seemingly safe Web page, the Better Business Bureau reported. It works by making victims think they are clicking a harmless link, when they really are activating a scam.

How the scam works: It starts like most online phishing scams. You receive an email, social media message or text that directs you to a website. For example, scammers may claim to be from a major store chain, and they are giving away something cool like a free iPad. They instruct you to go to a website and enter to win.

When you get to the site, everything looks normal. But scammers have hidden links and other content on the page using a web design trick. In addition to the content you can see, scammers have added an invisible layer. They set the opacity to zero, so the content is transparent but still active.

You complete the form and hit the “Register Now!” button. But scammers have placed an invisible link on top of the register button. This is “clickjacking.” You think your click is entering you for the free gift, but you are really activating some code. This code can do anything from ordering something on Amazon (using the “one click” purchase feature) to changing the settings on your computer.

This technique also is used to trick you into “liking” something on Facebook that you normally wouldn’t. This is called “likejacking.”

How to spot a clickjacking scam:

■ If it seems too good to be true, it probably is. Don’t set yourself up for “clickjacking” by going to the website in the first place. Stay away from teasers for sensational videos (Click here to see shocking footage!) and offers that are too good to be real (Free Hawaiian vacations!).

■ Update your Web browser. The newest versions of browsers have security updates that warn you of suspicious websites.

■ Log out of websites. Many clickjacking scams take advantage of Web users’ habit of staying logged into sites like Facebook or Amazon. This makes it easier for scammers to “like” or even purchase something in your name.

■ Don’t believe what you see. It’s easy to steal the colors, logos and header of any other established organization. Just because a site looks real, it does not mean it is.

The website for the BBB is

, , , , ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


Get every new post delivered to your Inbox.

Join 86 other followers

%d bloggers like this: