Double Click, Lose Everything: Beware the New Clickjacking Trap

Beware of this new form of clickjacking; a mere double-click can allow hackers to steal your accounts. It's crucial to protect yourself and remain alert to this escalating threat.

Double-Clickjacking: A Fresh Threat to Your Online Security

Paulos Yibelo, a security engineer at Amazon, recently unveiled a new type of online attack called double-clickjacking. This sophisticated variation of classic clickjacking can disable security settings, delete accounts, or even take over your existing accounts.

The Craft of Misused Double-Clicks

Clickjacking involves hijacking your clicks on one website to perform malicious actions on another. You might think you are clicking a button on the site you are visiting, but the click is exploited to make a purchase on a completely different site. With the addition of a second click, this method has evolved to bypass modern browsers’ restrictions on sending cookies across sites, revitalizing a nearly extinct threat.

How Double-Clickjacking Works

In a new blog post, Yibelo explains that while the addition may seem minor, it “opens the door to new user interface manipulation attacks that can bypass all known protections against clickjacking.” In these attacks, cybercriminals first direct potential victims to a phishing site where what looks like a standard CAPTCHA appears. Instead of deciphering text or identifying images, however, users are prompted to double-click a button to verify their humanity.

How to Protect Yourself from Double-Clickjacking?

Being cautious with online clicks is essential, whether it’s a link in an email, a text message, or a website button. Think before you click. To safeguard your devices, equip them with top-notch antivirus software. While browser developers and websites begin to implement new protective features against this attack method, maintaining robust cybersecurity hygiene is crucial. Whatever you do, avoid double-clicking on CAPTCHAs you encounter.
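
For site owners, one website-side protection of the kind mentioned above is to keep sensitive buttons inert until the page has been in the foreground for a moment and has seen a deliberate pointer or keyboard gesture. The JavaScript below is an added example, not code from Yibelo's post or from any browser vendor; the names `createClickGuard` and `attachGuard`, the `data-sensitive` attribute, and the 500 ms threshold are assumptions chosen for illustration.

```javascript
// Added example (hypothetical names and thresholds, not from the article).
// A click on a sensitive control is honoured only if the page has been
// visible and focused for minVisibleMs AND a pointer move or key press
// was observed since it last came to the foreground.
function createClickGuard({ minVisibleMs = 500, now = () => Date.now() } = {}) {
  let visibleSince = null; // when the page last became visible and focused
  let gestureSeen = false; // pointer move / key press seen since then

  return {
    pageShown() { visibleSince = now(); gestureSeen = false; },
    pageHidden() { visibleSince = null; gestureSeen = false; },
    gesture() { if (visibleSince !== null) gestureSeen = true; },
    allowClick() {
      if (visibleSince === null) return { ok: false, reason: "page-not-visible" };
      if (now() - visibleSince < minVisibleMs) {
        return { ok: false, reason: "too-soon-after-show" };
      }
      if (!gestureSeen) return { ok: false, reason: "no-prior-gesture" };
      return { ok: true, reason: "ok" };
    },
  };
}

// Browser wiring: feeds focus, visibility and gesture events into the guard
// and cancels clicks on elements matching `selector` that the guard rejects.
function attachGuard(guard, doc, win, selector = "[data-sensitive]") {
  const sync = () =>
    doc.visibilityState === "visible" && doc.hasFocus()
      ? guard.pageShown()
      : guard.pageHidden();
  win.addEventListener("focus", sync);
  win.addEventListener("blur", sync);
  doc.addEventListener("visibilitychange", sync);
  doc.addEventListener("pointermove", () => guard.gesture());
  doc.addEventListener("keydown", () => guard.gesture());
  doc.addEventListener("click", (e) => {
    if (e.target.closest(selector) && !guard.allowClick().ok) {
      e.preventDefault();
      e.stopImmediatePropagation();
    }
  }, true); // capture phase, so the check runs before the button's own handlers
  sync();
}

// Only attach when a DOM exists (the guard logic itself runs anywhere).
if (typeof document !== "undefined") attachGuard(createClickGuard(), document, window);
```

A client-side guard like this complements, and does not replace, server-side confirmation for destructive or account-changing actions.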