Google takes on clickjacking

Among its latest efforts to address online display advertising fraud, Google says it has rolled out new defenses against clickjacking.

What is clickjacking?

If you’ve ever clicked on a button or tried to play a video on a web page and been taken unexpectedly to another web page, you’ve likely been a victim of clickjacking.

Hackers essentially overlay a transparent page over a legitimate web page. To the user, the web page looks perfectly normal, but when a user clicks on a video play button, for example, the action actually occurs on the transparent overlay. Clickjacked pages can be used to trigger one-click orders from Amazon, gain Facebook likes and Twitter followers, download malware to gain access to users’ phones, and of course, to enable click fraud on invisible ads.

Clickjacking also goes by more technical names like UI redress, User Interface redress attack, UI redressing.

What’s Google doing about it?

Google is addressing the use of clickjacking for display ad click fraud. The company says it discovered clickjacking going on in the Display Network earlier this year.

Google says publishers engaging in clickjacking from the network are being removed, and a new filter was developed to exclude invalid traffic on display ads from clickjacked pages on both mobile and desktop devices.

In a blog post announcing the moves, Andres Ferrate, Chief Advocate of Ad Traffic Quality at Google, explained:

When our system detects a Clickjacking attempt, we zero-in on the traffic attributed to that placement, and remove it from upcoming payment reports to ensure that advertisers are not charged for those clicks.

In March, mobile security firm Skycure said that more than 500 million Android devices were susceptible to what it calls Accessibility Clickjacking, malware that can give hackers access to people’s phones. With its findings, Skycure also issued recommended steps for users to protect themselves against this threat,