Clickjacking is a malicious technique where attackers deceive users into clicking on something different from what they think, effectively “hijacking” their clicks. The attacker hides a malicious link or action under a seemingly harmless element (like a button or a video), causing users to unintentionally trigger a harmful action, such as downloading malware, liking a social media post, or granting unauthorized access to personal data. It exploits the trust a user has in the appearance of a web page.
Example:
Imagine a website with a seemingly harmless “Play Video” button. When the user clicks the button, they are actually clicking a hidden “Like” button on a social media site, which leads to the attacker gaining control of the user’s profile or posting on their behalf without the user’s knowledge.