Clickjacking: a study on popular websites in India
Vijaya Geeta Dharmavaram
Department of Operations, GITAM Institute of Management,
GITAM University, Visakhapatnam, India
Purpose – The purpose of the paper is to assess the precautionary measures adopted by the popular
websites in India, and, thus, find out how vulnerable the Indian Web users are to this form of attack.
Today almost all work is done through the Internet, including monetary transactions. This holds true
even for developing countries like India, thus making secure browsing a necessity. However, an attack
called “clickjacking” can help Internet scammers to carry out fraudulent tasks. Even though researchers
had proposed different techniques to face this threat, it remains a question on how effectively they are
deployed in practice.
Design/methodology/approach – To carry out the study, the top 100 Indian and global websites in
India were identified and were divided into static and dynamic websites based on the level of interaction
they offer to the users. These websites were checked to see whether they offer any basic protection
against clickjacking and, if so, which defence technique is used. A comparison between Indian websites
and global websites is done to see where India stands in terms of providing security.
Findings – The results show that 86 per cent of Indian websites offer no protection against
clickjacking, in contrast to 51 per cent of global websites. It is also observed that in the case of dynamic
websites, only 18 per cent of Indian websites offer some form of protection, when compared to 63 per
cent of global websites. This is quite alarming, as dynamic websites such as social networking and
banking websites are the likely candidates for clickjacking, resulting in serious consequences such as
identity and monetary theft.
Originality/value – In this paper, vulnerability of Indian websites to clickjacking is presented, which
was not addressed before. This will help in creating awareness among the Indian Web developers as
well as the general public, so that precautionary measures can be adopted.
Keywords Clickjacking, Identity theft, Online monetary theft, UI redressing, Web based attack
Paper type Research paper
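The check described under Design/methodology/approach can be sketched as follows. This is an added example, not code from the paper; the abstract does not name the defence techniques it looked for, so treating the `X-Frame-Options` header, the CSP `frame-ancestors` directive and JavaScript frame-busting as the candidates is an assumption, and the sample responses are constructed.

```python
import re

# Heuristic for legacy JavaScript frame-busting such as `if (top != self) ...`.
FRAME_BUST = re.compile(
    r"\b(top|parent|self|window)(\.location)?\s*!==?\s*"
    r"(top|parent|self|window)(\.location)?\b")

def csp_frame_ancestors(policy):
    """Return the frame-ancestors source list from a CSP header value, or None.

    Simplification: comma-joined policies are scanned as one and the first
    frame-ancestors directive found is returned.
    """
    for directive in policy.replace(",", ";").split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def classify(headers, body=""):
    """Return the clickjacking defences visible in one response (empty = none)."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):  # ALLOW-FROM is obsolete, so not counted
        found.append("x-frame-options")
    # Only the enforcing header counts; the Report-Only variant blocks nothing.
    sources = csp_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None and not {"*", "http:", "https:"} & set(sources):
        found.append("csp-frame-ancestors")
    if FRAME_BUST.search(body):  # weakest of the three, reported separately
        found.append("frame-busting-script")
    return found

def unprotected_share(responses):
    """Percentage of surveyed responses with no defence, plus their names."""
    bare = [site for site, hdrs, body in responses if not classify(hdrs, body)]
    return 100.0 * len(bare) / len(responses), bare

# Constructed sample responses (hypothetical sites, not data from the paper).
SAMPLE = [
    ("bank.example", {"X-Frame-Options": "DENY"}, ""),
    ("social.example",
     {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"}, ""),
    ("news.example", {"Content-Security-Policy": "frame-ancestors *"}, "<p>hi</p>"),
    ("old.example", {},
     "<script>if (top != self) top.location = self.location;</script>"),
    ("shop.example",
     {"Content-Security-Policy-Report-Only": "frame-ancestors 'self'"}, ""),
]
```

The two sample sites that come back unprotected show the misconfigurations a header-presence check alone would miss: a wildcard `frame-ancestors` and a policy sent only in report-only mode.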
It is the beginning of the month and you have opened your banking website to clear off a few
bills. You open another tab in the browser to play some music while you work in the system.
You come across a new music website that promises some cool new songs. You select a song
and click on the “play” button. Nothing happens. You click many times but with no result.
Frustrated, you close the tab. However, you find that some amount of money from your bank
account has just been transferred to an unknown account without your knowledge and doing.
The opening vignette is an example of a new attack called “Clickjacking”, which
refers to hijacking the user's clicks. In this attack, a click of a user on a
safe-looking link or a button in one website creates an unintended action in another
website that proves advantageous to the attacker. Such a situation is quite alarming,
given how dependent we are becoming on the Internet.
The current issue and full text archive of this journal is available on Emerald Insight at:
Journal of Money Laundering
Vol. 18 No. 4, 2015
© Emerald Group Publishing Limited