According to Wikipedia,
Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. It is a browser security issue that is a vulnerability across a variety of browsers and platforms. A clickjack takes the form of embedded code or a script that can execute without the user’s knowledge, such as clicking on a button that appears to perform another function. The term “clickjacking” was coined by Jeremiah Grossman and Robert Hansen in 2008. Clickjacking can be understood as an instance of the confused deputy problem, a term used to describe when a computer is innocently fooled into misusing its authority.
“potential clickjacking” warning from the “NoScript” internet-browser addon
Yes, Facebook is suffering from clickjacking, and hackers can use it to get your information.
Google+ once experienced this same issue, and it was fixed.
I suggest we should have a dedicated web browser for surfing websites, and we should never use our social media accounts in that same browser.
Here are four ways to prevent your business and employees from becoming part of a clickjacking scam:
Protect the Browser First
In order to prevent your organization from falling prey to this type of attack, you must start with the browser. The most likely scenario is that your users will become clickjacking victims during their normal Web activities. One way to reduce risk is to evaluate and install browser plugins such as NoScript and NotScript, which prompt users to allow JavaScript actions on sites they visit, as well as specify trusted domains. Some users can be put off by this, but most are becoming sensitive to the amount of cybercrime out there and appreciate the measures companies take to protect them.
This action is less time consuming than others and can greatly reduce risk from the outset.
Take the X-Frames Option
Most common browsers, including Microsoft IE, Google Chrome, Apple Safari and Firefox, support the X-FRAME-OPTIONS HTTP response header, which lets a site specify whether or not another page is allowed to frame it. You can take advantage of this functionality by configuring your web server to send an X-FRAME-OPTIONS response header with the value “DENY.”

You can also add JavaScript to your source code to check whether your site is being framed. Many IT departments are large enough and experience enough turnover that this piece of information can go unnoticed unless someone specifically asks about it.
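An added example, not part of the original post: one way to set the header described above on every response and to audit captured responses for pages that lack it. The function names and the sample headers are constructed for illustration, and the check also accepts SAMEORIGIN, a second valid value the post does not mention.

```javascript
// Added example: enforce and audit the X-Frame-Options header.
// All names and the SAMPLE data below are constructed for illustration.

// Classify a response's anti-framing header. Header names are
// case-insensitive, and repeated headers are often joined with commas.
function frameProtection(headers) {
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'x-frame-options');
  if (!entry) return 'missing';
  const values = [].concat(entry[1])            // string or array of strings
    .flatMap(v => String(v).split(','))
    .map(v => v.trim().toUpperCase())
    .filter(Boolean);
  const distinct = [...new Set(values)];
  if (distinct.length === 0) return 'missing';
  if (distinct.length > 1) return 'conflicting'; // misconfiguration to fix
  if (distinct[0] === 'DENY') return 'deny';
  if (distinct[0] === 'SAMEORIGIN') return 'sameorigin';
  return 'invalid';                              // typo or unrecognized value
}

// Wrap a Node-style (req, res) handler so every response carries DENY.
function withFrameDeny(handler) {
  return (req, res) => {
    res.setHeader('X-Frame-Options', 'DENY');
    return handler(req, res);
  };
}

// Constructed sample: response headers captured from four pages of one site.
const SAMPLE = [
  { path: '/', headers: { 'X-Frame-Options': 'DENY' } },
  { path: '/login', headers: { 'content-type': 'text/html' } },
  { path: '/settings', headers: { 'x-frame-options': 'DENY, SAMEORIGIN' } },
  { path: '/help', headers: { 'X-FRAME-OPTIONS': 'sameorigin' } },
];

// List every page whose header is absent, conflicting or invalid.
function pathsToFix(responses) {
  return responses
    .map(r => ({ path: r.path, state: frameProtection(r.headers) }))
    .filter(r => !['deny', 'sameorigin'].includes(r.state))
    .map(r => `${r.path}: ${r.state}`);
}
```

Run the audit against every page that carries a sensitive action, not only the home page, since the header is sent per response.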
Splurge on Web Application Firewalls
Web Application Firewalls (WAFs) will prevent someone from tampering with your site and injecting code. But organizations still put this in the “like to have” category instead of “need to have.” Why? Because they are expensive and take a lot of time to manage. They are well worth it. Recent data has shown that nearly 70 percent of all SMBs were hacked in some capacity in 2010. If you can’t build and maintain firewalls for your organization for sheer lack of resources, consider outsourcing to the pros. It can take a huge burden off your plate, greatly reduce risks (of all kinds) and may cost less than you think.
Evaluate Email Protection
Install and implement a strong email spam filter, and check it often. A clickjacking attack usually begins by tricking a user through email into visiting a malicious site. This is largely accomplished through forged or specially crafted emails that look completely authentic. By blocking illegitimate emails, you reduce a potential attack vector for clickjacking and a slew of other attacks as well. You’ll need to warn your employees that this measure has been taken so they regularly check their junk mail.
Some hacks steal data right from the company’s private networks, while others destroy the company from the outside in by way of victimizing site visitors. This is one of those hacks, and it can be extremely damaging to a company’s brand. A few simple steps can significantly lessen the likelihood that your visitors will become clickjacking victims.
If you need the Facebook clickjacking script, drop your comment. I’ll contact you as soon as possible.
Please share to protect someone…

