Social jacking

Social jacking is a malicious technique that tricks users into clicking vulnerable buttons, or compromises them by showing pages with a false appearance. It is a mixture of the clickjacking technique, used to breach browser security, and social engineering. It may also be referred to as a user interface disguising method, and it is a variant of the clickjacking method.

Technique

The original, or vulnerable, page is loaded using an iframe tag. All the unnecessary content of the webpage displayed in the iframe is then hidden by placing div elements with a white background over it, using the CSS absolute positioning property. This removes all unnecessary information from the displayed vulnerable page and leaves only the buttons or links visible to the user. In addition, social engineering messages such as "click the button below to get access" or "get a reward" are displayed above the iframe, so the user is made to click the visible button without knowing what happens when they click it.
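The first step described above, loading the target page in an iframe, only works if the target's HTTP response permits cross-origin framing. The following added example (not part of the original article) audits a response's headers for the X-Frame-Options and Content-Security-Policy frame-ancestors restrictions that browsers enforce; the function names and the sample headers in the usage comment are constructed for illustration.

```javascript
// Added example, not from the original article.

// Source list of the frame-ancestors directive in one CSP policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const tokens = directive.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === 'frame-ancestors') return tokens.slice(1);
  }
  return null;
}

// '*' or a bare scheme such as 'https:' lets any site act as the framing parent.
// An empty source list is equivalent to 'none' and therefore allows nobody.
function allowsAnyParent(sources) {
  return sources.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s));
}

// headers: plain object mapping response header names to string values.
// Returns { framable, reason } describing whether a third-party page can frame it.
function auditFraming(headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) h[name.toLowerCase()] = String(value);

  // A comma-joined CSP header carries several policies, and all are enforced.
  // Content-Security-Policy-Report-Only is deliberately not read: it blocks nothing.
  const lists = (h['content-security-policy'] || '')
    .split(',').map(frameAncestors).filter(list => list !== null);
  if (lists.length > 0) {
    // Browsers ignore X-Frame-Options once an enforced frame-ancestors exists.
    const open = lists.every(allowsAnyParent);
    return { framable: open,
             reason: open ? 'frame-ancestors allows any parent' : 'frame-ancestors restricts parents' };
  }

  // Conservative: only a single DENY or SAMEORIGIN counts; ALLOW-FROM is obsolete.
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    return { framable: false, reason: 'X-Frame-Options ' + xfo };
  }
  return { framable: true,
           reason: xfo ? 'X-Frame-Options value not honoured: ' + xfo : 'no framing restriction sent' };
}

// Constructed sample: auditFraming({ 'X-Frame-Options': 'ALLOW-FROM https://partner.example' })
```

A result with `framable: true` means the page can be embedded and overlaid in the way this section describes.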

Prevention

Prevention of these methods is quite tough; it is up to the user to identify and analyze webpages, and the user should not click any anonymous links or buttons.

Implementation

Social jacking can be easily implemented using Google Web Toolkit, where the webpage can be designed with a WYSIWYG GUI builder and a panel with a white background can be dragged over the iframe window, hiding the unnecessary information while revealing only the vulnerable buttons.

    This article is issued from Wikipedia - version of the 9/24/2015. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.