How does it do that? There are actually several types of clickjacking. For example, you get tricked into using a copy of a real website, superimposed over the top of the real website. Whenever you watch an embedded YouTube video on a website, that’s an example of how this works. But instead of clearly showing the video as part of the website, clickjackers cover the real website with their fake. Now, everything you click is doing what the clickjacker wants it to, and the potential opportunity this presents them is why you need to be aware.

Clickjacking can happen on mobile devices as well as computers, and webmasters for the genuine site are responsible for the security measures designed to prevent clickjacking attacks, and that’s where most of the steps needed to defend against clickjacking can be found. But as with all cyber threats targeted at you, there are things you can do for your online safety:

1. Update your browser with the latest security patches. These days most browsers have built-in protection against clickjacking, either warning users that they are trying to access a dangerous website, or by blocking access completely. Keeping your browser up to date provides continuous protection against the latest threats.
2. Pay attention to any browser warnings that appear for websites you visit. If you are warned not to proceed, don’t.
3. Always have 2FA enabled for accessing authenticated platforms. Clickjackers won’t be able to replicate your 2FA security, so if you’re expecting a text and don’t get it, this could be a sign of clickjacking.
4. As with many cyber threats, be wary of emails prompting you to address an urgent matter. Clickjackers want you to be on their website, so these emails will ask you to click a link, and that link could take you to a website that looks identical to your banking or other official website, but is actually the clickjackers version of it.
5. Consider using a password manager in your browser. If you’re redirected to a fake website, the URL of that site won’t correspond to what the password manager is expecting. So if the password manager doesn’t auto-populate the credentials, that can be a sign that the website is not legitimate.
6. Clickjackers want you to be on their website or app and may try to get you to download an app that could be malware for your device. Don’t download any app you are unsure of, and always download apps onto devices through official app stores.
7. Avoid clicking on ads that appear too good to be true on Google, Facebook and the like. Sometimes, clicking on these could take you to a website the clickjacker wants you to be on. Remember, if it looks too good to be true, it probably is!
8. Avoid clicking on pop-ups, especially on sites you don’t use regularly. Many of them are malicious and could possibly be clickjackers trying to get you to where they want you to be.

Fraud is a threat to everyone, and the team at Ebury are here to help our customers protect themselves from its effects.

📩 If you need any advice on any fraud-related issues, contact us at [email protected].