Nowadays, double-clicking on something on a website without thinking can set you up for hackers to reach your information.
A new hacking trick called “doubleclickjacking” turns your ordinary action into a sneaky way for attackers to take control of your account or change your device settings.
Let’s break it down.
What is doubleclickjacking?
Doubleclickjacking is a new spin on an old hacking trick known as clickjacking. Normally, clickjacking works by hiding malicious buttons underneath real ones, so when you think you’re clicking something harmless, you’re actually giving permission for something dangerous. With doubleclickjacking, it takes things a step further. It’s triggered when you double-click, allowing hackers to sneak in an extra, invisible command. Your first click might do something normal. The second click? That’s where the damage happens.
Why is it a threat?
The scary part is how invisible this trick is. Double-clicking is something we all do automatically, often without giving it a second thought. But that simple action could be giving hackers permission to:
- Access your webcam or microphone
- Change your browser settings
- Click “Allow” on a hidden pop-up
- Share your location
- Approve a login, payment or even a crypto transaction
What makes doubleclickjacking especially dangerous is that most websites weren’t designed to defend against it. Traditional security features usually protect against a single click, but they often fail when a second click is involved. That small detail opens the door for attackers to bypass layers of protection.
This trick doesn’t just affect websites, either. It can also interfere with browser extensions like crypto wallets and VPNs, sometimes tricking users into approving actions or turning off protection without realizing it. On mobile devices, a simple double-tap can trigger the same effect. To make matters worse, this vulnerability is more widespread than you might expect. Many well-known websites haven’t fixed it yet. All it takes is one quick double-click in the wrong place, and you could unknowingly give away access to sensitive parts of your device.
How does doubleclickjacking work?
Here’s a simplified version of how the trick plays out. A malicious website quietly loads invisible elements behind or over visible ones, like an embedded frame, hidden button, or disguised pop-up. On your first click, the attacker uses that action to reposition those hidden elements so that your next click lands exactly where they want it. On your second click, you unknowingly interact with the hidden content. You might be clicking “Allow” on a browser permission, authorizing a login, or disabling a setting, without ever realizing it. Because modern browsers are lightning fast, this all happens in a split second. The entire setup and switch are virtually invisible to the user. From your perspective, it just feels like a normal double-click.
How to protect yourself
Doubleclickjacking might be sneaky, but there are simple ways to keep yourself safer online. Here are some practical steps you can take right now:
1. Be cautious about double-clicking on unfamiliar websites: It might sound obvious, but most of us click (and double-click) automatically. If a site prompts you to double-click anything, especially for a login, permission or download, ask yourself if it’s really necessary. Hackers rely on you acting quickly without thinking.
2. Keep your browser updated: Browsers like Chrome, Edge and Safari regularly release patches for these vulnerabilities. That means delaying updates could leave you exposed to tricks like doubleclickjacking. Turn on automatic updates if possible, or make sure to manually keep up with updates so you’re always protected.
3. Use strong antivirus software: Browser-based tools and extensions can help block hidden or malicious scripts before they run, but they’re not foolproof. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.
4. Use strong, unique passwords for every account: Don’t reuse passwords. If one account gets compromised, hackers can use it to access your other accounts. A password manager helps you create and store strong passwords effortlessly. Get more details about my best expert-reviewed Password Managers of 2025 here.
5. Limit unnecessary permissions: Take control of your privacy by reviewing which websites have access to your camera, microphone, and location. Many sites request these permissions by default, even when they don’t need them. Head into your browser’s privacy settings and revoke access from any site you don’t fully trust. For example, here’s a guide on how to navigate Google’s privacy settings.
6. Avoid sketchy sites and pop-ups: If a website looks outdated, spammy or aggressively pushes you to click something, get out of there. Avoid downloading random files, and don’t trust pop-ups that claim you’ve won something, need to “fix” your device or “verify” your login info.
Kurt’s key takeaways
Doubleclickjacking is a clever new spin on a classic hacking trick that allows cybercriminals to take control over your device or account, just from a simple double-click. Because this kind of attack is nearly invisible and works on popular browsers, it’s important to stay alert. Always be cautious when interacting with unfamiliar websites, especially if you’re being asked to double-click. Keeping your browser updated and limiting unnecessary permissions can go a long way in reducing your risk. Most importantly, having the right digital protection tools in place can help stop these types of threats before they ever reach you.
Have you’ve noticed odd behavior after double-clicking on a site or had a close call with a scam? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Follow Kurt on his social channels:
Answers to the most-asked CyberGuy questions:
- What is the best way to protect your Mac, Windows, iPhone and Android devices from getting hacked?
- What is the best way to stay private, secure and anonymous while browsing the web?
- How can I get rid of robocalls with apps and data removal services?
- How do I remove my private data from the internet?
New from Kurt:
- Try CyberGuy’s new games (crosswords, word searches, trivia and more!)
- CyberGuy’s Exclusive Coupons and Deals
Copyright 2025 CyberGuy.com. All rights reserved.
The post DoubleClickjacking hack turns double-clicks into account takeovers appeared first on Fox News.
