  • Setup by the Attacker: The attacker creates a malicious webpage that displays legitimate-looking buttons or forms.
  • Layering a Hidden Page: They then load a real webpage (e.g., banking, social media, payment) in an invisible iframe or transparent layer over the fake interface.
  • Tricking the User: The user sees and clicks what looks like a normal button (e.g., "Play Video" or "Download Now"), but the click actually lands on the invisible layer placed over it.
  • Execution: As a result, the user unknowingly submits a form, approves a payment, changes settings, or grants permissions — all without realizing it.
  • No Traceability: Since the user is often logged in and the interaction is valid, it is nearly impossible to trace or reverse the action.
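
The layering step above only works if the real page lets itself be rendered inside another site's frame. As an added example (not from the original page), this Node.js function classifies a response's `X-Frame-Options` and CSP `frame-ancestors` headers to show whether the browser would refuse that framing; the function name, verdict labels and sample headers are constructed for illustration.

```javascript
// Added example: classify a response's anti-framing headers.
// Header names are expected lower-cased, as Node's http module delivers them.
function framingVerdict(headers) {
  const csp = headers['content-security-policy'] || '';
  // Simplification (assumption): use the first frame-ancestors directive found.
  const directive = csp.split(/[;,]/)
    .map(d => d.trim().split(/\s+/))
    .find(tokens => tokens[0].toLowerCase() === 'frame-ancestors');

  if (directive) {
    // When frame-ancestors is enforced, browsers ignore X-Frame-Options.
    const sources = directive.slice(1).map(s => s.toLowerCase());
    if (sources.length === 0 || sources.every(s => s === "'none'")) return 'blocked';
    const open = sources.some(s => s === '*' || s === 'http:' || s === 'https:');
    if (open) return 'framable';
    if (sources.every(s => s === "'self'")) return 'same-origin';
    return 'allowlist';
  }

  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return 'blocked';
  if (xfo === 'SAMEORIGIN') return 'same-origin';
  // Missing header, obsolete ALLOW-FROM, or malformed value: flag for review.
  return 'framable';
}

// Constructed sample responses (not taken from any real site).
const samples = {
  'no-headers': {},
  'xfo-deny': { 'x-frame-options': 'DENY' },
  'xfo-allow-from': { 'x-frame-options': 'ALLOW-FROM https://partner.example' },
  'csp-self': { 'content-security-policy': "default-src 'self'; frame-ancestors 'self'" },
  'csp-wildcard-with-xfo': {
    'content-security-policy': 'frame-ancestors *',
    'x-frame-options': 'DENY',
  },
  // Report-only policies are not enforced, so they give no protection.
  'report-only': { 'content-security-policy-report-only': "frame-ancestors 'none'" },
};

for (const [name, h] of Object.entries(samples)) {
  console.log(name.padEnd(22), framingVerdict(h));
}
```

Any response reported as `framable` can be loaded in the invisible layer the list describes; `blocked` and `same-origin` mean the browser refuses to render it inside a third-party page.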
