These days, double-clicking on one thing on a web site with out pondering can set you up for hackers to achieve your info.
A brand new hacking trick referred to as “doubleclickjacking” turns your bizarre motion right into a sneaky means for attackers to take management of your account or change your system settings.
Let’s break it down.
Illustration of a person being scammed. (Kurt “CyberGuy” Knutsson)
What’s doubleclickjacking?
Doubleclickjacking is a brand new spin on an previous hacking trick generally known as clickjacking. Usually, clickjacking works by hiding malicious buttons beneath actual ones, so while you assume you’re clicking one thing innocent, you’re really giving permission for one thing harmful. With doubleclickjacking, it takes issues a step additional. It’s triggered while you double-click, permitting hackers to sneak in an additional, invisible command. Your first click on may do one thing regular. The second click on? That’s the place the harm occurs.
WHAT IS ARTIFICIAL INTELLIGENCE (AI)?
An illustration of a hacker at work. (Kurt “CyberGuy” Knutsson)
GET FOX BUSINESS ON THE GO BY CLICKING HERE
Why is it a risk?
The scary half is how invisible this trick is. Double-clicking is one thing all of us do mechanically, typically with out giving it a second thought. However that straightforward motion might be giving hackers permission to:
- Entry your webcam or microphone
- Change your browser settings
- Click on “Permit” on a hidden pop-up
- Share your location
- Approve a login, fee or perhaps a crypto transaction
What makes doubleclickjacking particularly harmful is that the majority web sites weren’t designed to defend towards it. Conventional safety features often defend towards a single click on, however they typically fail when a second click on is concerned. That small element opens the door for attackers to bypass layers of safety.
This trick doesn’t simply have an effect on web sites, both. It could additionally intervene with browser extensions like crypto wallets and VPNs, generally tricking customers into approving actions or turning off safety with out realizing it. On cell gadgets, a easy double-tap can set off the identical impact. To make issues worse, this vulnerability is extra widespread than you may anticipate. Many well-known web sites haven’t fastened it but. All it takes is one fast double-click within the improper place, and you can unknowingly give away entry to delicate elements of your system.
MALWARE EXPOSES 3.9 BILLION PASSWORDS IN HUGE CYBERSECURITY THREAT
How does doubleclickjacking work?
Right here’s a simplified model of how the trick performs out. A malicious web site quietly hundreds invisible components behind or over seen ones, like an embedded body, hidden button, or disguised pop-up. In your first click on, the attacker makes use of that motion to reposition these hidden components in order that your subsequent click on lands precisely the place they need it. In your second click on, you unknowingly work together with the hidden content material. You is likely to be clicking “Permit” on a browser permission, authorizing a login, or disabling a setting, with out ever realizing it. As a result of trendy browsers are lightning quick, this all occurs in a break up second. The complete setup and swap are just about invisible to the person. Out of your perspective, it simply seems like a traditional double-click.
Picture of safety function on a pc. (Kurt “CyberGuy” Knutsson)
NEW PHISHING SCAM OUTSMARTS SECURITY CODES TO STEAL YOUR INFO
How you can defend your self
Doubleclickjacking is likely to be sneaky, however there are easy methods to maintain your self safer on-line. Listed here are some sensible steps you possibly can take proper now:
1. Be cautious about double-clicking on unfamiliar web sites: It would sound apparent, however most of us click on (and double-click) mechanically. If a website prompts you to double-click something, particularly for a login, permission or obtain, ask your self if it’s actually essential. Hackers depend on you performing shortly with out pondering.
2. Maintain your browser up to date: Browsers like Chrome, Edge and Safari frequently launch patches for these vulnerabilities. Which means delaying updates might depart you uncovered to methods like doubleclickjacking. Activate computerized updates if potential, or ensure to manually sustain with updates so that you’re at all times protected.
3. Use sturdy antivirus software program: Browser-based instruments and extensions might help block hidden or malicious scripts earlier than they run, however they’re not foolproof. The easiest way to safeguard your self from malicious hyperlinks that set up malware, probably accessing your non-public info, is to have sturdy antivirus software program put in on all of your gadgets. This safety also can provide you with a warning to phishing emails and ransomware scams, holding your private info and digital belongings secure. Get my picks for one of the best 2025 antivirus safety winners on your Home windows, Mac, Android and iOS gadgets.
4. Use sturdy, distinctive passwords for each account: Don’t reuse passwords. If one account will get compromised, hackers can use it to entry your different accounts. A password supervisor helps you create and retailer sturdy passwords effortlessly. Get extra particulars about my greatest expert-reviewed Password Managers of 2025 right here.
5. Restrict pointless permissions: Take management of your privateness by reviewing which web sites have entry to your digital camera, microphone, and site. Many websites request these permissions by default, even once they don’t want them. Head into your browser’s privateness settings and revoke entry from any website you don’t totally belief. For instance, here is a information on learn how to navigate Google’s privateness settings.
6. Keep away from sketchy websites and pop-ups: If a web site appears outdated, spammy or aggressively pushes you to click on one thing, get out of there. Keep away from downloading random information, and don’t belief pop-ups that declare you’ve gained one thing, have to “repair” your system or “confirm” your login information.
WINDOWS DEFENDER SECURITY CENTER SCAM: HOW TO PROTECT YOUR COMPUTER FROM FAKE POP-UPS
Kurt’s key takeaways
Doubleclickjacking is a intelligent new spin on a basic hacking trick that permits cybercriminals to take management over your system or account, simply from a easy double-click. As a result of this sort of assault is sort of invisible and works on well-liked browsers, it’s vital to remain alert. At all times be cautious when interacting with unfamiliar web sites, particularly when you’re being requested to double-click. Conserving your browser up to date and limiting pointless permissions can go a good distance in lowering your threat. Most significantly, having the correct digital safety instruments in place might help cease a majority of these threats earlier than they ever attain you.
Have you ever’ve observed odd conduct after double-clicking on a website or had an in depth name with a rip-off? Tell us by writing us at Cyberguy.com/Contact
CLICK HERE TO GET THE FOX NEWS APP
For extra of my tech ideas and safety alerts, subscribe to my free CyberGuy Report Publication by heading to Cyberguy.com/Publication
Ask Kurt a query or tell us what tales you need us to cowl.
Comply with Kurt on his social channels:
Solutions to the most-asked CyberGuy questions:
New from Kurt:
Copyright 2025 CyberGuy.com. All rights reserved.
