Accessibility links

Facebook   X   LinkedIn   Email

New Clickjack Attacks: Where You Double-Click Matters

February 24, 2025

Call them sneaky, devious, underhanded, cunning, and conniving. Clickjack attacks are all that and more. And now there’s a new twist on this highly successful cybercrime. All it takes is one wrong double-click that puts this crime into motion, leaving countless victims unaware they’ve been duped. That is, until it’s too late. Here’s what you need to know now about this new type of attack on your clicks.

One Click, Two Click

Most of us visiting trusted websites would never imagine a quick double-click meant our personal accounts and PII could be hijacked. Earlier clickjack attacks required just a single click, but once they were figured out, they had to resort to new tricks. This new double-click version gets past clickjacking protections put on the single click attacks. But it still incorporates one-click tricks that undermine device security settings, allow money transfers, deletes accounts, and more. But with this new double-click attack, there’s more to it.

This latest clickjack attack uses what looks to be a safe element on a trusted webpage. Little do we know hackers placed a disguised or hidden element behind what we click on. A favorite tool—CAPTCHA authentication boxes. Two clicks are all it takes for this trick to install malware, take us to malicious web pages that steal our PII, wreak financial havoc, and more.

How to Click Carefully

  • You have to wonder if it’s safe to click on anything at all. You might be right if it weren’t for the safety tips below that fight this latest threat of clickjack attacks. And remember, don’t let hackers win!
  • Always click carefully. Whether it’s a malicious email or text link, something for free or sounding too good to be true, the web is full of bad guys luring us into acting.
  • Make sure the sites you visit are legitimate and always carefully check the URL to verify it’s spelled correctly. Keep a close eye out for transposed letters and numbers in places of letters.
  • Never double-click on what we know as “CAPTCHA” boxes. They are using these for many of these types of attacks.
  • Using anti-virus solutions on a device is always recommended. Keep it updated at all times.
  • Remember, a good dose of common sense is your best weapon, so don’t be afraid to use it.

Verification CAPTCHA Spreads Malware to Windows Users

Scams & Phishing

Verification CAPTCHA Spreads Malware to Windows Users

That familiar CAPTCHA challenge we’re asked to do proving we’re not robots is getting some Windows users in trouble. Hackers are using their own bogus CAPTCHA pages to sneak malware onto Windows devices. It looks like this is one-time that Windows users may pay the price for not being a robot. The good news is, whether you’re clicking a box, choosing frames where an item is showing, or typing-in random letters, there’s a way to tell when you’re being targeted. READ FULL STORY
Overlays For Androids For Criminal Convenience

Mobile Security

Overlays For Androids For Criminal Convenience

Android Overlays are a powerful feature in the Android operating system. Theses allow apps to display content over other apps or over the system user interfaces. Ultimately this results in the user experience being more, well, user-friendly. So why is it important? This is useful in many ways, such as for displaying persistent notifications, those cheeky Android chat heads that float around the screen, or for using accessibility features. But those handy capabilities can also be misused by cybercriminals to create deceptive interfaces, tricking you. READ FULL STORY
Phony Voicemail Links Steal Employee Credentials From Office 365 And Outlook Users

Scams & Phishing

Phony Voicemail Links Steal Employee Credentials From Office 365 And Outlook Users

Most of us know phishing emails and fake texts are a hacker’s calling card for stealing valuable PII. But recently, researchers at Zscaler cloud security sounded the alarm about an unusual malware campaign using voicemail-themed email phishing as the primary hook for cyberattacks. It’s only after Zscaler fell victim to this campaign that the company felt compelled to study it further. Zscaler finds this cybercrime targets employees in the U.S. using Microsoft Office 365 and the Outlook email service. READ FULL STORY
What's Behind Man-In-The-Middle Attacks and How to Avoid Them

Your Security

What's Behind Man-In-The-Middle Attacks and How to Avoid Them

It’s not the game many of us played as kids, but it is a distorted take on the same idea. Man-in-the-middle (MitM) cyberattacks do put someone in the middle of two sides, but that someone is a cybercriminal. And those on either side are clueless victims. In reality, MitM attacks are anything but a game. A typical MitM attack can disrupt operations, intercept usernames and passwords, emails, banking, and other financial details. Read on about how MitM attacks play out, including ways to avoid being caught up in these crimes. READ FULL STORY
Firewall vs. Antivirus: What’s the Difference?

Mobile Security

Firewall vs. Antivirus: What’s the Difference?

In today's interconnected world, cybersecurity is more important than ever. Businesses of all sizes face the threat of cyberattacks, and the stakes are high. A successful attack can result in the loss of sensitive data, financial damage, and reputational damage. Fortunately, there are a variety of cybersecurity solutions available to help businesses protect themselves. By investing in these products and services, businesses can defend themselves against a wide range of threats, such as viruses, malware, and SQL injections. READ FULL STORY