Description: C:\Users\Gimode\Desktop\LOGO\CAK LOGO-01.jpg

National KE-CIRT/CC Cybersecurity Best Practice Guide of the Week

 

CLICKJACKING CYBER SCAM

 

 

In This Issue:

*     Clickjacking

 

 

 

 

 

 

 

 

 

 

 

What is Clickjacking

Clickjacking is a type of cyber scam that aims to tricks a person to click a malicious link without knowing. It tricks a web user into clicking on something different from what the web user perceives.

 

A good example of clickjacking is when an attacker who builds a web site that has a button on it that says "click here for a free mobile phone". However, on top of that web page, the attacker has loaded some malicious code to your mail account and lined it up with the "delete all messages". The victim tries to click on the "free mobile phone" button but instead actually clicked on the invisible "delete all messages" button. In essence, the attacker has "hijacked" the user's click, hence the name "Clickjacking".

 

How Clickjacking can be Harmful

Clickjacking can be extremely harmful because it takes advantage of the user’s perception and tricks him or her. This means that the web user is completely unaware of what is going on in the background. Your click may be a trigger to execute malicious code or lead you to a malicious site that might steal your personal details.

Protecting Yourself From Clickjacking

*            Update your internet browser and plug-ins as often as possible and be sure to install all updates that are recommended by your IT support team.

*            Use third party software to protect you. There are multiple free and open-source plugins that allow Javascript, Java and Flash to be executed only on sites that you trust.

*            Be careful while browsing and don’t share your personal details with any page that pops up.

 

Have the above guide in mind when browsing the internet. Report any cybercrime incident/activity

to  incidents@ke-cirt.go.ke / www.ke-cirt.go.ke