ava on Nostr: Hackers can steal your accounts, and all it takes is a double-click — don’t fall ...
Hackers can steal your accounts, and all it takes is a double-click — don’t fall for this new form of clickjacking
Whatever you do, don’t double-click on that CAPTCHA
https://www.tomsguide.com/computing/online-security/hackers-can-steal-your-accounts-and-all-it-takes-is-a-double-click-dont-fall-for-this-new-form-of-clickjacking
What you need to know:
- Clickjacking is a cyber attack where hackers hijack clicks on one website to perform malicious actions on another site without the user's knowledge
- A new variant called double-clickjacking has emerged as hackers adapted to bypass modern browser security measures that block cross-site cookies
- The attack typically begins with users being led to a phishing site that appears legitimate
- The new method uses a fake CAPTCHA system that requires users to double-click rather than traditional text or image verification
- Between the two clicks, hackers load a sensitive page in the background - the first click closes the top window while the second click authorizes unwanted actions
- Double-clickjacking can be used to obtain OAuth and API permissions on major websites, regardless of the time gap between clicks
- The attack can be used to disable security settings, delete accounts, authorize money transfers, and compromise browser extensions
- Browser makers like Google, Microsoft, Apple, and Mozilla need to implement new security measures to defend against this threat
- Users are advised to be cautious about clicking links, especially on suspicious websites or too-good-to-be-true offers
- Until protective measures are implemented by browsers and websites, users should practice good cyber hygiene and avoid double-clicking on CAPTCHA verification systems
#IKITAO #TECH #SECURITY
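The summary above says websites, not only browsers, need protective measures. As an added example (not from the post or the linked article), here is one possible site-side guard for a sensitive control such as an OAuth "Authorize" button: it ignores any click that arrives before the page has been visible for a short time and before the user has moved the pointer or pressed a key on it. The names `ClickGuard`, `protect` and `SETTLE_MS`, and the 800 ms threshold, are assumptions for illustration.

```javascript
// Added example: site-side guard for sensitive buttons (not from the article).
// Assumption: a click is honoured only if the page has been visible for
// SETTLE_MS and the user has moved the pointer or pressed a key on it since.
const SETTLE_MS = 800; // assumed threshold, tune per application

class ClickGuard {
  constructor(now = () => Date.now()) {
    this.now = now;
    this.onShown();
  }
  // Call whenever the page becomes visible or regains focus.
  onShown() {
    this.shownAt = this.now();
    this.interacted = false;
  }
  // Call on pointer movement or key press inside this page.
  onInteraction() {
    this.interacted = true;
  }
  // True only when a click is plausibly deliberate.
  allowClick() {
    return this.interacted && this.now() - this.shownAt >= SETTLE_MS;
  }
}

// Browser wiring; skipped when no DOM is present (for example under Node).
function protect(selector, guard = new ClickGuard()) {
  if (typeof document === "undefined") return guard;
  const reset = () => guard.onShown();
  window.addEventListener("focus", reset);
  document.addEventListener("visibilitychange", () => {
    if (document.visibilityState === "visible") reset();
  });
  for (const type of ["mousemove", "keydown"]) {
    document.addEventListener(type, () => guard.onInteraction(), { passive: true });
  }
  for (const el of document.querySelectorAll(selector)) {
    // Capture phase, so the guard runs before the button's own handlers.
    el.addEventListener("click", (ev) => {
      if (!guard.allowClick()) {
        ev.preventDefault();
        ev.stopImmediatePropagation();
      }
    }, true);
  }
  return guard;
}
```

Touch-only devices emit no `mousemove`, so a deployment would need a different interaction signal there.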