Here the Attacker will attempt to get access to the victims account by forcing the victim to
change his/her password to one the attacker has selected.
- Attacker sends a phishing email to the victim congratulating him on winning the employees of the year award.
- Victim clicks the link to accept the prestige’s award!
- The attacker successfully tricked the victim into changing his/her account password.
- Once this is achieved the attacker can now access the victims account, steal Sensitive data, transfer money or even change the password of the account again and maintain access. ! 🙂
- That is ClickJacking. 🙂