These days, you can set a hacker to reach your information by double clicking on a website without thinking about anything.
A new hacking trick called “doubleclickjacking” changes the usual action into a sly way for attackers to control their accounts and change device settings.
Let’s break it down.
Illustration of a scammer. (Kurt “Cyberguy” Knutsson)
What is doubleclickjacking?
DoubleClickJacking is a new spin on an old hacking trick known as ClickJacking. ClickJacking usually works by hiding a malicious button underneath the actual button. So, when you think you’re clicking on something harmless, you’re actually allowing something dangerous. With DoubleClickJacking you’re taking it a step further. Double-clicking will trigger and the hacker will sneak into extra, invisible commands. Your first click may do something normal. Second click? That’s where the damage occurs.
What is Artificial Intelligence (AI)?
Illustration of a hacker at work. (Kurt “Cyberguy” Knutsson)
Click here to get your Fox business on the go
Why is it a threat?
The scary part is how invisible this trick is. Double-clicking is something we all do automatically, and in many cases we do it without thinking about it or giving it. However, that simple action can give the hacker the following permission:
- Access the webcam or microphone
- Change your browser settings
- Click Allow in the hidden pop-up
- Share your location
- Log in, pay, or even crypto transactions
What makes DoubleClickJacking particularly dangerous is that most websites weren’t designed to protect against it. Traditional security features usually protect against a single click, but often cause failures when a second click is involved. That small detail opens the door for attackers to bypass the protective layer.
This trick doesn’t affect the website either. It can also interfere with browser extensions such as Crypto Wallet VPNs may approve actions to users or turn off protection without realizing them. On mobile devices, simple double taps can trigger the same effect. Worse, this vulnerability is more widespread than you might expect. Many well-known websites have not yet been modified. All you need is one quick double click in the wrong place, allowing you to unconsciously provide access to sensitive parts of your device.
Malware reveals 3.9 billion passwords with huge cybersecurity threats
How does doubleclickjacking work?
This is a simplified version of how Trick works. Malicious websites are quietly loaded behind or above visible elements, such as embedded frames, hidden buttons, or disguised pop-ups. On the first click, the attacker uses that action to reposition those hidden elements so that the next click lands exactly as needed. The second click will unconsciously interact with hidden content. You may click Allow in your browser without clicking Allow in your browser, allowing logins, or disabling your settings. This all happens in an instant, as modern browsers are fast lightning. The setup and the entire switch are virtually invisible to the user. From your perspective, it feels like a normal double click.
Images of security features on your computer. (Kurt “Cyberguy” Knutsson)
New Phishing Scams Carry Security Codes to Steal Your Information
How to protect yourself
DoubleClickJacking may be mean, but there are easy ways to keep you safe online. Here are some practical steps you can take now:
1. Note that you double-click on an unfamiliar website. It may sound obvious, but most of us will automatically click (and double-click) it. If the site asks you to double-click anything, especially something to log in, allow, or download, ask yourself if you really need it. Hackers rely on acts quickly without thinking.
2. Please refresh your browser: Browsers such as Chrome, Edge, and Safari regularly release patches for these vulnerabilities. This means that delaying an update can expose you to tricks like DoubleClickJacking. If possible, turn on automatic updates or try to keep up with updates manually, as if they are always protected.
3. Use powerful antivirus software: Browser-based tools and extensions help block hidden or malicious scripts before running, but they are not entirely there. The best way to protect yourself from malicious links to install malware is to install powerful antivirus software on all your devices, as it may access your personal information. This protection can also warn you that it will phish email and ransomware fraud and keep your personal information and digital assets safe. Get the best 2025 Antivirus Protection Winners picks for Windows, Mac, Android and iOS devices.
4. Use a strong and unique password for all accounts. Do not reuse your password. If one account is compromised, hackers can use it to access other accounts. Password managers help you create and store strong passwords easily. Get my details Find the best expert reviewed password managers of 2025 here.
5. Limit unnecessary permissions. Control your privacy by knowing which websites have access to cameras, microphones and locations. Many sites require these permissions by default. Go to your browser’s privacy settings and revoke access from sites you don’t fully trust. For example, here is the guide How to navigate Google’s privacy settings.
6. Avoid sketchy sites and pop-ups. If your website looks outdated, or if you’re willing to actively push yourself to spam or click something, then come out of there. Avoid random file downloads, get something and don’t trust pop-ups that claim you need to “fix” your device or “check” your login information.
Windows Defender Security Center Scam: How to protect your computer from fake popups
Important takeouts in your cart
DoubleClickJacking is a clever new spin in classic hacking tricks that allow CyberCriminal to control a device or account, just from a simple double-click. It is important to be careful as this type of attack is barely visible and works in popular browsers. Always be careful when interacting with unfamiliar websites, especially if you are asked to double-click. Refreshing your browser and limiting unnecessary permissions can go a long way in reducing your risk. Most importantly, having the right digital protection tools in place will help you stop these types of threats before they reach you.
Did you notice any strange behavior after double-clicking on the site, or did you make a close call with a scam? Write us and let us know cyberguy.com/contact
Click here to get the Fox News app
For more information about my tech tips and security alerts, sign up for our free Cyberguy Report Newsletter cyberguy.com/newsletter
Please ask Cart questions or tell us what stories you would like us to cover.
Follow your cart on his social channels:
Answers to the most accused Cyber Guy questions:
New from Cart:
Copyright 2025 cyberguy.com. Unauthorized reproduction is prohibited.
