Click Jacking – Hijacking the Click

Clickjacking is used by an attacker to collect information from a user's clicks. The attacker can do many things by launching this type of attack, for example taking control of the user's microphone or webcam, adjusting the user's computer settings, or sending the user to websites that might host malicious code. The attacker uses multiple transparent or opaque layers to trick a user into clicking a button or link on another page when they intended to click on the top-level page. Thus the attacker is "hijacking" clicks meant for one page and routing them to another page; the exploit is also known as "UI redressing".

Image Source: https://mattiasgeniar.be/2008/11/27/clickjacking-shere-brilliance/

Attack Example:

The user receives an email with a link to a video about a news item, but another valid page, say a Friend Request page, can be "hidden" on top of or underneath the "PLAY" button of the news video. The user tries to "play" the video but actually "Accepts" the Friend Request. In the same way, the user name and password of an online banking account or an e-mail account can be obtained.

Prevention:

1. NoScript: This is the best prevention against clickjacking. It is a Firefox add-on and prevents the user from clicking on invisible elements.

2. Upgrade to the latest Flash Player.

3. Edit your Flash settings: right-click on the Flash Player —> Global Settings —> select the Always Deny option.
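The measures above are applied on the user's side; the site being hijacked can also refuse to be loaded inside a frame at all, which defeats the hidden-layer trick described earlier. The following Python is an added example, not code from the original post: it builds the anti-framing response headers (CSP `frame-ancestors` plus the older `X-Frame-Options`) for a WSGI application and classifies how well an existing response is protected. The WSGI wrapper and the partner origin are constructed assumptions.

```python
"""Server-side clickjacking defence: emit anti-framing headers and audit a response."""
from typing import Dict, Iterable


def anti_framing_headers(allowed_ancestors: Iterable[str] = ()) -> Dict[str, str]:
    """Headers telling the browser which origins may embed this page in a frame.

    With no allowed ancestors the page may not be framed at all. CSP frame-ancestors
    is the modern control; X-Frame-Options is kept for older browsers and, since it
    cannot express an allow-list, falls back to SAMEORIGIN when ancestors are given.
    """
    ancestors = list(allowed_ancestors)
    if not ancestors:
        return {"Content-Security-Policy": "frame-ancestors 'none'",
                "X-Frame-Options": "DENY"}
    return {"Content-Security-Policy": "frame-ancestors 'self' " + " ".join(ancestors),
            "X-Frame-Options": "SAMEORIGIN"}


def framing_policy(headers: Dict[str, str]) -> str:
    """Classify a response's framing protection: 'blocked', 'same-origin',
    'allow-list' or 'none'. CSP frame-ancestors wins over X-Frame-Options."""
    lower = {k.lower(): v for k, v in headers.items()}
    for directive in lower.get("content-security-policy", "").split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            sources = [s.strip("'").lower() for s in parts[1:]]
            if not sources or sources == ["none"]:   # empty list also means no framing
                return "blocked"
            if sources == ["self"]:
                return "same-origin"
            return "allow-list"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "none"


def add_anti_framing(app):
    """WSGI middleware (constructed example) that adds the deny headers to every
    response unless the application already set its own."""
    def wrapped(environ, start_response):
        def sr(status, resp_headers, exc_info=None):
            present = {k.lower() for k, _ in resp_headers}
            for k, v in anti_framing_headers().items():
                if k.lower() not in present:
                    resp_headers.append((k, v))
            return start_response(status, resp_headers, exc_info)
        return app(environ, sr)
    return wrapped
```

Pages that are legitimately embedded by a partner (a payment widget, for instance) should pass that partner's origin to `anti_framing_headers` rather than dropping the protection entirely.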