Clickjacking is a trick where a website hides something dangerous behind something that looks safe, so you click without knowing what you're really clicking.

How it works

A malicious site can load another site (like your bank) inside an invisible frame. It then places fake buttons or content on top. You think you're clicking "Play Video" or "Like" but really your click goes through to the hidden site and does something serious, like transferring money or changing settings.

Analogy

It's like someone putting a thin sheet of paper with fake text over a contract. You think you're signing a guestbook, but your pen goes through the paper and signs the contract underneath. You believe it's harmless, but the hidden trick changes the outcome.