DoubleClickjacking hack turns double-clicks into account takeovers

Nowadays, double-clicking connected thing connected a website without reasoning tin acceptable you up for hackers to scope your information. 

A caller hacking instrumentality called "doubleclickjacking" turns your mean enactment into a sneaky mode for attackers to instrumentality power of your relationship oregon alteration your instrumentality settings. 

Let’s interruption it down.

STAY PROTECTED & INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS — SIGN UP FOR KURT’S THE CYBERGUY REPORT NOW

Illustration of an idiosyncratic being scammed. (Kurt "CyberGuy" Knutsson)

What is doubleclickjacking?

Doubleclickjacking is simply a caller rotation connected an aged hacking instrumentality known arsenic clickjacking. Normally, clickjacking works by hiding malicious buttons underneath existent ones, truthful erstwhile you deliberation you’re clicking thing harmless, you’re really giving support for thing dangerous. With doubleclickjacking, it takes things a measurement further. It’s triggered erstwhile you double-click, allowing hackers to sneak successful an extra, invisible command. Your archetypal click mightiness bash thing normal. The 2nd click? That’s wherever the harm happens.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

An illustration of a hacker astatine work. (Kurt "CyberGuy" Knutsson)

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Why is it a threat?

The scary portion is however invisible this instrumentality is. Double-clicking is thing we each bash automatically, often without giving it a 2nd thought. But that elemental enactment could beryllium giving hackers support to:

• Access your webcam oregon microphone
• Change your browser settings
• Click "Allow" connected a hidden pop-up
• Share your location
• Approve a login, outgo oregon adjacent a crypto transaction

What makes doubleclickjacking particularly unsafe is that astir websites weren’t designed to support against it. Traditional information features usually support against a azygous click, but they often neglect erstwhile a 2nd click is involved. That tiny item opens the doorway for attackers to bypass layers of protection. 

This instrumentality doesn’t conscionable impact websites, either. It tin besides interfere with browser extensions similar crypto wallets and VPNs, sometimes tricking users into approving actions oregon turning disconnected extortion without realizing it. On mobile devices, a elemental double-tap tin trigger the aforesaid effect. To marque matters worse, this vulnerability is much wide than you mightiness expect. Many well-known websites haven’t fixed it yet. All it takes is 1 speedy double-click successful the incorrect place, and you could unknowingly springiness distant entree to delicate parts of your device.

MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT

How does doubleclickjacking work?

Here’s a simplified mentation of however the instrumentality plays out. A malicious website softly loads invisible elements down oregon implicit disposable ones, similar an embedded frame, hidden button, oregon disguised pop-up. On your archetypal click, the attacker uses that enactment to reposition those hidden elements truthful that your adjacent click lands precisely wherever they privation it. On your 2nd click, you unknowingly interact with the hidden content. You mightiness beryllium clicking "Allow" connected a browser permission, authorizing a login, oregon disabling a setting, without ever realizing it. Because modern browsers are lightning fast, this each happens successful a divided second. The full setup and power are virtually invisible to the user. From your perspective, it conscionable feels similar a mean double-click.

Image of information diagnostic connected a computer. (Kurt "CyberGuy" Knutsson)

NEW PHISHING SCAM OUTSMARTS SECURITY CODES TO STEAL YOUR INFO

How to support yourself

Doubleclickjacking mightiness beryllium sneaky, but determination are elemental ways to support yourself safer online. Here are immoderate applicable steps you tin instrumentality close now:

1. Be cautious astir double-clicking connected unfamiliar websites: It mightiness dependable obvious, but astir of america click (and double-click) automatically. If a tract prompts you to double-click anything, particularly for a login, support oregon download, inquire yourself if it’s truly necessary. Hackers trust connected you acting rapidly without thinking.

2. Keep your browser updated: Browsers similar Chrome, Edge and Safari regularly merchandise patches for these vulnerabilities. That means delaying updates could permission you exposed to tricks similar doubleclickjacking. Turn connected automatic updates if possible, oregon marque definite to manually support up with updates truthful you’re ever protected.

3. Use beardown antivirus software: Browser-based tools and extensions tin assistance artifact hidden oregon malicious scripts earlier they run, but they’re not foolproof. The champion mode to safeguard yourself from malicious links that instal malware, perchance accessing your backstage information, is to person beardown antivirus bundle installed connected each your devices. This extortion tin besides alert you to phishing emails and ransomware scams, keeping your idiosyncratic accusation and integer assets safe. Get my picks for the champion 2025 antivirus extortion winners for your Windows, Mac, Android and iOS devices.

4. Use strong, unsocial passwords for each account: Don’t reuse passwords. If 1 relationship gets compromised, hackers tin usage it to entree your different accounts. A password manager helps you make and store beardown passwords effortlessly. Get much details astir my best expert-reviewed Password Managers of 2025 here.

5. Limit unnecessary permissions: Take power of your privateness by reviewing which websites person entree to your camera, microphone, and location. Many sites petition these permissions by default, adjacent erstwhile they don’t request them. Head into your browser’s privateness settings and revoke entree from immoderate tract you don’t afloat trust. For example, here's a usher on how to navigate Google's privateness settings.

6. Avoid sketchy sites and pop-ups: If a website looks outdated, spammy oregon aggressively pushes you to click something, get retired of there. Avoid downloading random files, and don’t spot pop-ups that assertion you’ve won something, request to "fix" your instrumentality oregon "verify" your login info. 

WINDOWS DEFENDER SECURITY CENTER SCAM: HOW TO PROTECT YOUR COMPUTER FROM FAKE POP-UPS

Kurt’s cardinal takeaways

Doubleclickjacking is simply a clever caller rotation connected a classical hacking instrumentality that allows cybercriminals to instrumentality power implicit your instrumentality oregon account, conscionable from a elemental double-click. Because this benignant of onslaught is astir invisible and works connected fashionable browsers, it’s important to enactment alert. Always beryllium cautious erstwhile interacting with unfamiliar websites, particularly if you're being asked to double-click. Keeping your browser updated and limiting unnecessary permissions tin spell a agelong mode successful reducing your risk. Most importantly, having the close integer extortion tools successful spot tin assistance halt these types of threats earlier they ever scope you.

Have you’ve noticed unusual behaviour aft double-clicking connected a tract oregon had a adjacent telephone with a scam? Let america cognize by penning america at Cyberguy.com/Contact

CLICK HERE TO GET THE FOX NEWS APP

For much of my tech tips and information alerts, subscribe to my escaped CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter

Ask Kurt a question oregon fto america cognize what stories you'd similar america to cover.

Follow Kurt connected his societal channels:

• Facebook
• YouTube
• Instagram

Answers to the most-asked CyberGuy questions:

• What is the champion mode to support your Mac, Windows, iPhone and Android devices from getting hacked?
• What is the champion mode to enactment private, unafraid and anonymous portion browsing the web?
• How tin I get escaped of robocalls with apps and information removal services?
• How bash I region my backstage information from the internet?

New from Kurt:

• Try CyberGuy's caller games (crosswords, connection searches, trivia and more!)
• CyberGuy’s Exclusive Coupons and Deals

Copyright 2025 CyberGuy.com. All rights reserved.