These days, double-clicking on one thing on a web site with out considering can set you up for hackers to succeed in your data.
A brand new hacking trick known as “doubleclickjacking” turns your peculiar motion right into a sneaky manner for attackers to take management of your account or change your machine settings.
Let’s break it down.
Illustration of a person being scammed. (Kurt “CyberGuy” Knutsson)
What’s doubleclickjacking?
Doubleclickjacking is a brand new spin on an previous hacking trick referred to as clickjacking. Usually, clickjacking works by hiding malicious buttons beneath actual ones, so while you assume you’re clicking one thing innocent, you’re really giving permission for one thing harmful. With doubleclickjacking, it takes issues a step additional. It’s triggered while you double-click, permitting hackers to sneak in an additional, invisible command. Your first click on would possibly do one thing regular. The second click on? That’s the place the harm occurs.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
An illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)
GET FOX BUSINESS ON THE GO BY CLICKING HERE
Why is it a risk?
The scary half is how invisible this trick is. Double-clicking is one thing all of us do robotically, typically with out giving it a second thought. However that straightforward motion may very well be giving hackers permission to:
- Entry your webcam or microphone
- Change your browser settings
- Click on “Allow” on a hidden pop-up
- Share your location
- Approve a login, fee or perhaps a crypto transaction
What makes doubleclickjacking particularly harmful is that the majority web sites weren’t designed to defend in opposition to it. Conventional security measures normally shield in opposition to a single click on, however they typically fail when a second click on is concerned. That small element opens the door for attackers to bypass layers of safety.
This trick doesn’t simply have an effect on web sites, both. It may additionally intrude with browser extensions like crypto wallets and VPNs, typically tricking customers into approving actions or turning off safety with out realizing it. On cellular gadgets, a easy double-tap can set off the identical impact. To make issues worse, this vulnerability is extra widespread than you would possibly anticipate. Many well-known web sites haven’t mounted it but. All it takes is one fast double-click within the incorrect place, and you could possibly unknowingly give away entry to delicate components of your machine.
MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT
How does doubleclickjacking work?
Right here’s a simplified model of how the trick performs out. A malicious web site quietly hundreds invisible parts behind or over seen ones, like an embedded body, hidden button, or disguised pop-up. In your first click on, the attacker makes use of that motion to reposition these hidden parts in order that your subsequent click on lands precisely the place they need it. In your second click on, you unknowingly work together with the hidden content material. You is perhaps clicking “Allow” on a browser permission, authorizing a login, or disabling a setting, with out ever realizing it. As a result of fashionable browsers are lightning quick, this all occurs in a cut up second. Your entire setup and swap are just about invisible to the consumer. Out of your perspective, it simply looks like a standard double-click.
Picture of safety characteristic on a pc. (Kurt “CyberGuy” Knutsson)
NEW PHISHING SCAM OUTSMARTS SECURITY CODES TO STEAL YOUR INFO
How you can shield your self
Doubleclickjacking is perhaps sneaky, however there are easy methods to maintain your self safer on-line. Listed below are some sensible steps you may take proper now:
1. Be cautious about double-clicking on unfamiliar web sites: It would sound apparent, however most of us click on (and double-click) robotically. If a web site prompts you to double-click something, particularly for a login, permission or obtain, ask your self if it’s actually essential. Hackers depend on you appearing rapidly with out considering.
2. Preserve your browser up to date: Browsers like Chrome, Edge and Safari repeatedly launch patches for these vulnerabilities. Which means delaying updates might go away you uncovered to tips like doubleclickjacking. Activate computerized updates if potential, or be certain that to manually sustain with updates so that you’re at all times protected.
3. Use sturdy antivirus software program: Browser-based instruments and extensions may help block hidden or malicious scripts earlier than they run, however they’re not foolproof. One of the simplest ways to safeguard your self from malicious hyperlinks that set up malware, doubtlessly accessing your personal data, is to have sturdy antivirus software program put in on all of your gadgets. This safety may also provide you with a warning to phishing emails and ransomware scams, retaining your private data and digital belongings protected. Get my picks for one of the best 2025 antivirus safety winners to your Home windows, Mac, Android and iOS gadgets.
4. Use sturdy, distinctive passwords for each account: Don’t reuse passwords. If one account will get compromised, hackers can use it to entry your different accounts. A password supervisor helps you create and retailer sturdy passwords effortlessly. Get extra particulars about my greatest expert-reviewed Password Managers of 2025 right here.
5. Restrict pointless permissions: Take management of your privateness by reviewing which web sites have entry to your digicam, microphone, and site. Many websites request these permissions by default, even after they don’t want them. Head into your browser’s privateness settings and revoke entry from any web site you don’t totally belief. For instance, this is a information on tips on how to navigate Google’s privateness settings.
6. Keep away from sketchy websites and pop-ups: If a web site appears outdated, spammy or aggressively pushes you to click on one thing, get out of there. Keep away from downloading random information, and don’t belief pop-ups that declare you’ve received one thing, must “fix” your machine or “verify” your login data.
WINDOWS DEFENDER SECURITY CENTER SCAM: HOW TO PROTECT YOUR COMPUTER FROM FAKE POP-UPS
Kurt’s key takeaways
Doubleclickjacking is a intelligent new spin on a traditional hacking trick that permits cybercriminals to take management over your machine or account, simply from a easy double-click. As a result of this type of assault is almost invisible and works on common browsers, it’s essential to remain alert. All the time be cautious when interacting with unfamiliar web sites, particularly should you’re being requested to double-click. Protecting your browser up to date and limiting pointless permissions can go a good distance in lowering your threat. Most significantly, having the precise digital safety instruments in place may help cease some of these threats earlier than they ever attain you.
Have you ever’ve observed odd conduct after double-clicking on a web site or had an in depth name with a rip-off? Tell us by writing us at Cyberguy.com/Contact
CLICK HERE TO GET THE FOX NEWS APP
For extra of my tech ideas and safety alerts, subscribe to my free CyberGuy Report E-newsletter by heading to Cyberguy.com/E-newsletter
Ask Kurt a query or tell us what tales you want us to cowl.
Observe Kurt on his social channels:
Solutions to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
