clickjacking



clickjacking

n
the practice of using a disguised hyperlink to direct an internet user to a website he or she does not wish to visit
[from click (sense 5) + hijack]
Collins English Dictionary – Complete and Unabridged, 12th Edition 2014 © HarperCollins Publishers 1991, 1994, 1998, 2000, 2003, 2006, 2007, 2009, 2011, 2014
References in periodicals archive
Clickjacking is an online scam in which victims think they are clicking on a harmless pop-up advert or game's play button, but hiding underneath is an agreement to a subscription service.
Isle of Man-based Xplosion used a practice known as "clickjacking" in which popup ads or play buttons hide subscription charges.
In a practice known as "clickjacking" which uses pop-up ads or play buttons to hide subscription costs, users were charged up to £9.50 a week for adult videos, quizzes and competitions on their mobiles.
Participants used various attack methods to exploit vulnerabilities in web applications such as cross site scripting, SQL injection, forced browsing, privilege escalation, cross site request forgery, clickjacking, session hijacking, and resetting passwords (Chu et al., 2009).
"WAP billing can be particularly vulnerable to so-called 'clickjacking' as it has a one-click feature that requires no user authorization.
"The possible attacks include advanced clickjacking, unconstrained keystroke recording, stealthy phishing, the silent installation of a God-mode app [with all permissions enabled], and silent phone unlocking [and] arbitrary actions [while keeping the screen off]," the researchers wrote.
Clickjacking: Simply put, this is a way of getting a victim to unknowingly click on things that benefit the hacker.
XSS attacks range in severity, which empower the adversary to conduct a wide range of potential attacks including redirection to phishing sites, password logging, session hijacking, clickjacking, stealing of sensitive data, self-propagating JavaScript worms, malware distribution, browser automation, and the ability to pivot onto an internal network to launch additional attacks.