Three signs of ‘invisible’ attack that empties bank by silently ‘hijacking’ your clicks as expert warns ‘stay vigilant’
All recommendations within this article are informed by expert editorial opinion. If you click on a link in this story we may earn affiliate revenue.
BEWARE a dangerous type of cyber-attack that you might notice striking, cyber-experts have urged.
It's called clickjacking, and it works by creating an "invisible" hack that's hidden behind something that appears ordinary.
The idea is that you click on something seemingly ordinary, like a log-in pop-up or an advert.
But what you're really clicking is secretly hidden behind – infecting your device with dangerous malware.
These clickjacking scams can take many forms and are extremely dangerous, cyber-experts warn in an official Keeper Security memo.
"Cybercriminals use clickjacking to trick you by manipulating what you see on screen," said Keeper Security cyber-expert Aranza Trevino.
"They overlay invisible fields on top of legitimate-looking fields in order to disguise the action you are taking.
"This can happen with a whole website or just a pop-up ad. Sometimes, the hacker even embeds the legitimate website inside their own site to make it look as real as possible.
"Believing you are on a legitimate site, you will click things, enter your credentials or provide other sensitive information.
"You will believe you are completing legitimate actions but the invisible fields will cause you to accidentally download malware or send your information to cybercriminals instead."
Most read in News Tech
What does clickjacking look like?
Keeper Security warned users about three different examples of clickjacking.
The first is when you receive an email from an app you use like Facebook.
You'll click the link and be taken to a fake version of Facebook – with the real website embedded.
When you try to log in, you're actually entering your personal info into an "invisible field" over the top of Facebook.
This lets criminals steal your log-in info without you even noticing.
Second, you might see an ad from a reputable brand.
When you click the ad, you'll once again be taken to a fake website with the real brand's page embedded.
Once again, you attempt to log in but – without realizing – are typing your info into an "invisible field" that sends your detail straight to criminals.
Thirdly, criminals may target you with pop-ups.
"A pop-up appears while a user is navigating a website," security expert Aranza explained.
"The user clicks the 'X' to close the pop-up, but the 'X' is actually a download link that installs malicious software on the user’s computer."
Once malware is on your device, it could be used to steal your info or money.
And the cyberexperts warned it could "take years to recover" from this kind of attack.
How to stay safe from clickjacking
It can be difficult to avoid clickjacking because it's usually invisible.
However, try your best not to click unsolicited links or pop-ups.
Only visit legitimate websites using the official URLs – rather than navigating there via emails or text messages.
Stick to official app stores and well-known websites when you're downloading content.
And if you see an ad that looks too good to be true, it's best to just ignore it.