After “Clickjacking”, here comes “Double Clickjacking”. This new scam, which consists of hijacking an interface to lure internet users into a very subtle trap, has been flourishing online for a few months and is reported to be particularly formidable. Here is how it works.
This scam relies on a very common online action that arouses no suspicion: the double-click, which Internet users use to confirm an operation. A button promoting an attractive offer or asking the user to validate a form, such as “click here for a gift” or “validate your Captcha”, first draws the victim in.
A very subtle scam
After the first click, a new window opens discreetly or the site interface changes subtly. The second click then proves fatal: it can allow malware to be installed, confirm a banking operation or give hackers access to the target's personal data, explains Press-Citron. The user notices nothing.
This new technique requires hacking skills, but the result is there: the victims are fooled without noticing. The crooks target poorly protected sites, and their scam is not detected by conventional cybersecurity tools such as cookies, antivirus or anti-phishing extensions.
Remain vigilant in all circumstances
“The idea is to steal, to capture a click,” says Benoît Grunemwald, a cybersecurity expert interviewed by RMC Conso. “The hackers divert the click to do something else, in particular to log in to multiple accounts in their place. […] As the first click is protected, they intervene in the very short time before the second click.”
A first alert about this new scam was issued at the end of 2024, and the technique seems to have spread since. To protect yourself, vigilance remains the best weapon. It is advisable not to rush at offers that look too good or to hurry in response to pressing solicitations. Internet users are also advised to avoid dubious sites and to use tools that block automatic script execution.
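On the site side, the very short interval between the interface change and the second click is something a page can check before honouring a sensitive button. The following sketch is an added example, not taken from the article or its sources; the class name, the 500 ms threshold and the pointer-movement rule are assumptions.

```javascript
// Added example. Names and the threshold below are assumptions, not a standard.
const MIN_STABLE_MS = 500; // assumed minimum time the page must be in front
class ClickGuard {
  constructor(minStableMs = MIN_STABLE_MS) {
    this.minStableMs = minStableMs;
    this.stableSince = null;  // when this page last came to the foreground
    this.pointerSeen = false; // pointer movement seen on this page since then
  }
  onPageShown(t) { this.stableSince = t; this.pointerSeen = false; }
  onPageHidden() { this.stableSince = null; this.pointerSeen = false; }
  onPointerMove() { if (this.stableSince !== null) this.pointerSeen = true; }
  // Decide whether a click at time t (ms) may trigger the sensitive action.
  checkClick(t) {
    if (this.stableSince === null) return "blocked: page not in foreground";
    if (t - this.stableSince < this.minStableMs) return "blocked: click too soon after page appeared";
    if (!this.pointerSeen) return "blocked: no pointer movement on this page";
    return "allowed";
  }
}
// Browser wiring: feed real events to the guard and veto untrusted clicks.
function attachGuard(button, guard, win = window, doc = document) {
  const now = () => performance.now();
  if (doc.hasFocus()) guard.onPageShown(now());
  win.addEventListener("focus", () => guard.onPageShown(now()));
  win.addEventListener("blur", () => guard.onPageHidden());
  doc.addEventListener("visibilitychange", () => (doc.visibilityState === "visible" ? guard.onPageShown(now()) : guard.onPageHidden()));
  doc.addEventListener("mousemove", () => guard.onPointerMove());
  button.addEventListener("click", (e) => {
    if (guard.checkClick(now()) !== "allowed") { e.preventDefault(); e.stopImmediatePropagation(); }
  }, true); // capture phase, so the veto runs before the button's own handlers
}

// Replay an event timeline and return the verdict for each click in it.
function replay(events) {
  const guard = new ClickGuard();
  const verdicts = [];
  for (const e of events) {
    if (e.type === "shown") guard.onPageShown(e.t);
    else if (e.type === "hidden") guard.onPageHidden();
    else if (e.type === "move") guard.onPointerMove();
    else if (e.type === "click") verdicts.push(guard.checkClick(e.t));
  }
  return verdicts;
}

// Constructed timelines (ms): page revealed 80 ms before the second click, vs. normal use.
const HIJACKED = [{ type: "shown", t: 1000 }, { type: "click", t: 1080 }];
const NORMAL = [{ type: "shown", t: 1000 }, { type: "move", t: 1400 }, { type: "click", t: 2500 }];
console.log(replay(HIJACKED), replay(NORMAL));
```

In a real page, `attachGuard` would be called once per sensitive button (for example a payment or authorization confirmation); the replay function only exercises the decision logic on constructed data.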