Attackers have multiple ways that they can get to people's sensitive information. But when webmasters try and secure their sites from this, they don't always think about how information can be compromised from clicks from other websites. This is known as clickjacking. Clickjacking occurs when a user is tricked into clicking on invisible elements hidden under the user interface. This is also known as UI redressing. Essentially what happens is a user is tricked into clicking on the attacker's website.
Key Takeaways:
- Clickjacking is a form of cyberattack which tricks people into clicking on something hidden underneath the interface.
- People can update user profiles, change permissions, or even read keystrokes with clickjacking.
- You want to see if your website might be subject to clickjacking and take appropriate steps to prevent it.
“To mitigate risk, we strongly encourage webmasters and developers to use X-Frame-Options on any web pages that are not meant to run as a frame. You can also leverage a Content Security Policy to mitigate risk and defend against clickjacking..”
Learn more about preventing clickjacking here: https://blog.sucuri.net/2022/09/what-is-clickjacking-and-how-do-i-prevent-it.html