What is Bait & Switch attack and how is it different from Clickjacking?

• Both these techniques can be used to steal login credentials and personal details right under a user’s nose.
• ‘Bait & Switch’ is a type of fraud that uses relatively trusted avenues - ads - to trick users into visiting malicious sites.

When hackers set out to attack individuals or organizations, they have a broad selection of hacking tools and techniques at their disposal. Two of such techniques are ‘Bait & Switch attack’ and ‘Clickjacking attack’. Both these techniques can be used to steal login credentials and personal details right under a user’s nose.

What is ‘Bait & Switch’ attack?

‘Bait & Switch’ is a type of fraud that uses relatively trusted avenues - ads - to trick users into visiting malicious sites. These attacks often occur in the form of advertising space being sold by websites and purchased by shady companies. Once the rogue attackers purchase the ad space, they replace the ad with an innocuous link which could be later used to download malware or browser locking or to compromise targeted systems.

In some cases, the ad may also link to a legitimate website, programmed to redirect you to a far more harmful site.

What is Clickjacking?

Clickjacking/User Interface redress is a malicious technique that tricks a user into clicking a webpage that is invisible or disguised as another element. The hackers have several ways to redirect clicks for their own gain. However, a common form of clickjacking involves mirroring a login and password form on a website. The user assumes that they are entering their information into a usual form but they are actually entering it in fields controlled by hackers.

An attacker may also choose the technique to redirect the clicks to download malware or gain access to vital systems.

The damage clickjacking can do depends on the purpose of the hackers. The most common uses include collecting fake Facebook likes, getting users to click on ads and generate revenues, and even unlocking their cameras and microphones.

Bottom line

Cybercriminals are spoilt for choices when it comes to stealing sensitive users’ data or deploying malware. They are thousands of different vulnerabilities and ways to exploit them online. Thus, it is very important for individuals and organizations to be forearmed in order to tackle such situations.