What type of attack involves tricking a user into clicking on a hidden or disguised webpage element?

Clickjacking hinges on deceiving the user by making them click on something that looks legitimate while the action is actually being triggered by a hidden or disguised element layered under or over the visible UI. Attackers often use iframes or transparent overlays to capture the user’s click on a harmless-looking button or link, causing an unintended action without the user realizing it. This differs from phishing, which relies on social engineering to lure you to a fraudulent site; SQL injection, which targets a database by inserting malicious SQL through input fields; and cross-site scripting, which injects malicious code into trusted web pages to run in other users’ browsers. Defenses include anti-clickjacking techniques like frame-busting or frame-ancestors policies and clear UI cues to ensure users know what they are clicking.