Clickjacking is a type of cyber attack wherein the perpetrator tricks website visitors into unintentionally clicking a page element or link disguised to lead to a non-malicious page when it actually does otherwise.
The attacker typically cloaks a page element (say, an invisible box) using a so-called “iframe.” Iframe is short for “invisible frame.” The malicious item sits on top, so it gets clicked instead of an image or hyperlink behind it. If we look under the hood, a link to the attacker’s page is located in the top frame, while the image or site link the victim thinks he/she is accessing is in the sub-frame.
Offenders also conceal links using uniform resource locator (URL) shorteners. In this case, the shortened form of the link hides the malicious URL. As a result, users get taken to a different destination from what they initially saw in the link preview.
If we were to draw an analogy, clickjacking is comparable to receiving a majestically wrapped present. But when you tear off the wrapping, you’ll only find an underwhelming item inside.