
At various times throughout your workday, you may find yourself needing to double-click your mouse while completing certain actions on your computer. Some of the most common uses of the double-click include opening files on your device, opening applications, or highlighting text. This action is very routine. However, even something as simple and innocent as a double-click isn’t safe from the tactics of hackers and scammers.
Earlier this month, experts notified the public of a newly discovered scam that utilizes double-click timing to bypass major browser protections. The intention of the scam is to trick users into accidentally approving unauthorized actions such as sharing data or allowing outside access. It has been dubbed “double-clickjacking” and has been known to work in several different browsers, including Google Chrome, Microsoft Edge, and Apple’s Safari.
Clickjacking is a scam tactic that has been around for a while, though it has now generally become obsolete due to the built-in protections that browsers often provide. Clickjacking is the practice of concealing hyperlinks beneath legitimate clickable content, which tricks users into clicking malicious links. To get around the protections that prevent regular clickjacking nowadays, scammers created double-clickjacking, which adds another layer of attack. Essentially, the cyberattack exploits the timing of a double-click in order to bypass protections and trick users into unknowingly clicking on malicious links, validating logins, authorizing actions, etc.
Usually, a prompt will appear that instructs the user to double-click something on the page, whether it be a submit button or a CAPTCHA verification. Between the two clicks, however, hackers can seamlessly swap out seemingly legitimate elements for malicious ones. This attack is particularly dangerous because it requires very little user interaction and because it is typically undetectable.
Experts have advised that browsers start working on updates with protections against this new scam. Just like clickjacking, double-clickjacking could be prevented through built-in browser protections. In the meantime, users should be wary of online prompts that require double-clicks. Users should also keep their browsers up to date so that they can use the new and improved protections that will hopefully come out in updates soon. To check for browser updates, open the browser, click the three dots in the top right, and select Settings from the listed menu. Then go to ‘About xxxx’ and click it; the browser should automatically check for and install any updates.
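Until browsers ship such protections, a website can add a timing check to its own sensitive buttons. The following is an added example, not code from this post or from any browser vendor: it ignores a click that arrives too soon after the page gains focus, or before any mouse or keyboard activity on the page. The names ClickGuard and protectButton and the 500 ms threshold are assumptions, as is the premise that the swap described above shows up to the protected page as a focus or visibility change just before the click.

```javascript
// Added example: timing guard for a sensitive button (e.g. "Authorize").
const MIN_DWELL_MS = 500; // assumed threshold, not a value from the article

class ClickGuard {
  constructor(minDwellMs = MIN_DWELL_MS) {
    this.minDwellMs = minDwellMs;
    this.exposedAt = null;   // time the page last became visible and focused
    this.sawGesture = false; // mouse movement or key press since then
  }
  // Page gained focus or became visible at time `now` (milliseconds).
  pageExposed(now) { this.exposedAt = now; this.sawGesture = false; }
  // Page lost focus or was hidden.
  pageHidden() { this.exposedAt = null; this.sawGesture = false; }
  // Mouse movement or key press inside the page.
  gesture() { if (this.exposedAt !== null) this.sawGesture = true; }
  // May a click at time `now` trigger the sensitive action?
  allowClick(now) {
    if (this.exposedAt === null || !this.sawGesture) return false;
    return now - this.exposedAt >= this.minDwellMs;
  }
}

// Browser wiring: call once per sensitive button after the page loads.
function protectButton(button, guard = new ClickGuard()) {
  const update = () => {
    const shown = document.visibilityState === 'visible' && document.hasFocus();
    if (shown) guard.pageExposed(performance.now());
    else guard.pageHidden();
  };
  window.addEventListener('focus', update);
  window.addEventListener('blur', update);
  document.addEventListener('visibilitychange', update);
  document.addEventListener('mousemove', () => guard.gesture());
  document.addEventListener('keydown', () => guard.gesture());
  // Capture phase, so the check runs before the button's own handlers.
  button.addEventListener('click', (event) => {
    if (!guard.allowClick(performance.now())) {
      event.preventDefault();
      event.stopImmediatePropagation();
    }
  }, true);
  update();
  return guard;
}
```

A click that lands 150 ms after the page gains focus, which is typical of the second half of a double-click, is dropped; the same click after the dwell time and some mouse movement goes through.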