Clickjacking

This webpage includes a non-transparant iframe below, with an obvious button. This iframe is from a different website, which a user might not realise. So an attacker can use iframes like this to 'steal' buttons from other websites and trick users into clicking on them.

See what happens when we make this iframe transparant

 

 

 

 

Of course, for an interesting UI redressing attack, the inner frame would not be something uninteresting like it is here (the iframe is just some other demo page from my own site), but it would be a third party site that I'd want to attack. E.g. it could be the Osiris website, so that by accidentally clicking the button you would dis-enroll for some course.