the malicious activity of taking control of an Internet user's actions by making them click on hidden links
'Only today, there are reports that hundreds of thousands of Facebook users are falling victim to so-called clickjacking attacks through links to subjects such as "World Cup 2010 in HD" or "Justin Bieber's phone number".' Marketing Week 3rd June 2010
'A free plug-in called NoScript, built for the Firefox web browser, includes pop-up warnings about potential clickjacks …' BBC News 3rd June 2010
'You probably won't get what's being advertised: … Instead, what you'll get is clickjacked … But if the clickjackers behind this whole thing ever decided to tie in some malware – maybe to spy on your online banking or credit card transactions, for example …' TechNewsWorld 5th June 2010
Everything about the way we navigate the Web centres on our ability to click, so it's no surprise that scammers have been concentrating on ways to manipulate our clicking habits. Clickjacking occurs when users click on a button that appears to perform another function – in other words, they are tricked into clicking on something they hadn't intended to, because the link they are really clicking on is 'hidden' by something that looks innocent. The scam works by presenting the user with a web page incorporating fake links or buttons, which has another page loaded over it in an invisible layer. Users think that they are clicking on the buttons that they can see, whereas in fact they are performing actions concealed on the invisible page. To illustrate, a user might see a 'play' button for a video, but hidden underneath it is a product page from a web retailer. When the user 'plays' the video, he or she is actually clicking on a link to unwittingly buy the product.
A high-profile example of clickjacking occurred in the context of social networking website Facebook. Users clicking on links to recent popular topics like the 2010 World Cup, the BP oil leak or the new Shrek movie, have unwittingly been clicking on a hidden button telling Facebook that they 'like' the web page. This then gets published on their own Facebook page and shared with online friends, spreading the links virally.
Though episodes like this are essentially harmless, it's not difficult to see that clickjacking could be exploited for more malicious purposes, such as acquiring and manipulating sensitive information like personal details, passwords, logins etc.
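A website can protect itself against the invisible-layer trick described above by telling browsers which sites, if any, may load its pages inside a frame. The following added example (not part of the original article) classifies a response's headers using the standard `X-Frame-Options` header and the `frame-ancestors` directive of `Content-Security-Policy`; the function name `framingPolicy` and its return labels are assumptions made for illustration.

```javascript
// Added example (not from the article): classify a response's anti-framing policy.
// framingPolicy and its return labels are illustrative names, not a real library API.

function framingPolicy(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }

  // 1. CSP frame-ancestors: when present, browsers enforce it and ignore X-Frame-Options.
  const csp = h['content-security-policy'] || '';
  for (const directive of csp.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const list = sources.map((s) => s.toLowerCase());
    // An empty source list matches nothing, which is the same as 'none'.
    if (list.length === 0 || (list.length === 1 && list[0] === "'none'")) return 'deny';
    // A wildcard or bare scheme lets any site act as the framing page.
    if (list.some((s) => s === '*' || s === 'http:' || s === 'https:')) return 'unprotected';
    if (list.every((s) => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }

  // 2. Fall back to the older X-Frame-Options header.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'deny';
  if (xfo === 'SAMEORIGIN') return 'same-origin';

  // ALLOW-FROM is obsolete and ignored by current browsers, so it gives no protection;
  // a missing or unrecognised value likewise leaves the page frameable by any site.
  return 'unprotected';
}
```

A result of `unprotected` means any other site can load the page in a hidden frame, which is the precondition for the scam described above.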
The word clickjacking first appeared in 2008, coined by Internet security experts Robert Hansen and Jeremiah Grossman. The term is, of course, a blend of the words click and hijacking (=illegally taking control of something). Modelling itself on the pattern of hijack, the derived form clickjack also exists, which can be used as a countable noun, to refer to an instance of clickjacking, or a transitive verb, usually occurring in the passive form, as in get clickjacked. The derived noun clickjacker is used for perpetrators.
Clickjacking follows two earlier neologisms centred around the activity of mouse clicking: click fraud, which is the dishonest activity of clicking on online advertisements in order to generate a charge per click, and clickprint, referring to an Internet user's unique pattern of online behaviour.
This article was first published on 13th September 2010.