Google Takes Action Against Clickjacking

Our online experience can be interfered with in quite a number of ways that seem to evolve everyday. Aggressive pop ups can be now suppressed by installing pop up blockers on your browser, but there are other ways that crafty publishers and advertisers have employed to gain unearned traffic to their online channels. One of these methods is known as Clickjacking, which is described as a way of tricking a web user click on something they never intended to click on, which can sometimes open them up to others types of attacks by revealing personal information or triggering actions that take over their computer. Sometimes, it will simply redirect you to another website, online store or other digital space, while some other reported actions have seen it lead to enabling a users’ webcam and mic, liking or following other users on social media, downloading malicious software, play video content or clicking AdSense ads in order to make a profit from a large number of unintentional clicks.

The clicks are garnered by “invisible” ads strategically placed over top areas where users would normally click anyway. Sometimes, it can be a transparent overlay on the entire page, and other times it’s placed right over buttons where the call to action is located like “play”, “read more” or “send”. For example, video play buttons may actually be covered by a clickable area that becomes triggered when the user tries to play the content. They will unknowingly click on the advertisement that will then begin an action, like open a different webpage or advertisement, that they did not originally mean to complete.  There’s also another variation of the attack where the invisible ad unit actually follows the cursor of the user, making it impossible to avoid regardless of where you click on the page.

Luckily, Google is working to strengthen its defences against the practice, releasing an official statement about their work towards creating safety against Clickjacking. “Our engineering and operations teams are continually working to identify new and emerging threats. Once a new ad fraud threat is found, we move quickly to defend our systems against it using a combination of technology, operations, and policy,” they said in a post on the AdSense blog. After discovering the activity earlier this year, Google has committed to moving quickly to terminate accounts or entities who were involved in trying to benefit from the practice in order to further their own agendas, their engineering team creating filters that could exclude content like that from display ads altogether. As new technologies continue to pop up, publishers are finding new and emerging ways to get around traditional rules set up for online advertising, engagement and a whole host of other things; and clickjacking is just a part of that. As an emerging trend that can sometimes be tricky to identify until it’s too late, Google is continuing to work to address these threats as quickly as possible.

Leave a Comment