As if all that wasn't enough, the mobile variant is just as formidable. On a smartphone or tablet, a double-tap is ideal for triggering this attack. As touch gestures have become the norm, a user accustomed to quickly validating pop-ups risks being trapped even more quickly.
Fortunately, there are solutions. Website developers can harden their applications by disabling responsive buttons by default until they detect a clear intent (here, a mouse movement or keyboard input). But from the user's side, vigilance is the best shield. Before validating a double-click, you can ensure the legitimacy of the window by checking the site address or by taking the time to read what appears on the screen.
Let's be real: it's hard to resist the automation of double-clicking. Hackers are banking on our habit of wanting to quickly validate captures or complete Captchas as quickly as possible. Keeping in mind that any intermediate screen can potentially be manipulated is a saving reflex.
