Clickjacking: What it is, how it works, and simple ways to avoid it

What it is

Clickjacking (also called UI redress) is a web page magic trick. A fake button or invisible layer is placed on top of the real page so you think you’re liking a post, closing a popup, or playing a video—when you’re actually clicking somewhere else (the attacker’s target). More background in our clickjacking guide.

How it works 

  • The attacker frames a target site under a look-alike page.

  • They hide or offset the real controls (opacity, tiny iframes, CSS).

  • Your click lands on the target site: follow, purchase, enable camera, change settings, etc.

What you might notice

  • Buttons don’t do what they should, or a click triggers an unrelated action

  • Tiny delays before something happens, as if layers were loading

  • Cursor changes or focus jumps to a different part of the page

Stay safe (fast tips)

  1. If a page looks sketchy, don’t click—scroll or reload.

  2. Use content-blocking and privacy tools that block third-party frames and trackers.

  3. Keep your browser updated; modern protections help.

  4. For admins: send the response header X-Frame-Options: DENY or Content-Security-Policy: frame-ancestors 'none' on sensitive pages.
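
For the admin tip above, a header audit shows whether a page is actually protected against framing. This is an added example, not code from the original page; the function names and sample responses are constructed for illustration, and the precedence rule it applies (an enforced frame-ancestors directive overrides X-Frame-Options) is standard browser behaviour.

```python
# Added example (not from the original page): audit a response's anti-framing headers.
def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None if absent."""
    for directive in policy.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def framing_policy(headers):
    """headers: list of (name, value) pairs as received. Returns (verdict, reason)."""
    csp, xfo, report_only = [], set(), False
    for name, value in headers:
        name = name.lower()
        if name == "content-security-policy":
            # One header may carry several comma-separated policies; all are enforced.
            csp += [fa for fa in map(frame_ancestors, value.split(",")) if fa is not None]
        elif name == "content-security-policy-report-only":
            report_only |= any(frame_ancestors(p) is not None for p in value.split(","))
        elif name == "x-frame-options":
            xfo |= {v.strip().upper() for v in value.split(",") if v.strip()}
    if csp:  # frame-ancestors takes precedence; X-Frame-Options is then ignored
        if any(fa in ([], ["'none'"]) for fa in csp):
            return "deny", "CSP frame-ancestors 'none'"
        limits = [fa for fa in csp if "*" not in fa]
        if not limits:
            return "unprotected", "frame-ancestors * permits any parent page"
        if all(fa == ["'self'"] for fa in limits):
            return "same-origin", "CSP frame-ancestors 'self'"
        return "allowlist", "CSP frame-ancestors lists specific origins"
    if xfo == {"DENY"}:
        return "deny", "X-Frame-Options: DENY"
    if xfo == {"SAMEORIGIN"}:
        return "same-origin", "X-Frame-Options: SAMEORIGIN"
    if xfo:  # ALLOW-FROM, typos, or DENY and SAMEORIGIN sent together
        return "misconfigured", "obsolete, unknown or conflicting X-Frame-Options"
    if report_only:
        return "unprotected", "frame-ancestors is report-only and not enforced"
    return "unprotected", "no anti-framing header present"

# Constructed sample responses, for illustration only.
SAMPLES = [
    [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
    [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
]
if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", framing_policy(sample))
```

The second sample is the case worth remembering: a permissive frame-ancestors directive leaves the page frameable even though X-Frame-Options: DENY is also sent.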

If you clicked already

  • Close the tab, clear site data for that domain, and sign out/in again.

  • Review account settings/permissions (camera/mic, follows, subscriptions).

  • Turn on MFA so one bad click can’t take over your account.
