You've probably heard the rumors before: sophisticated hackers that can remotely turn on your webcam to spy on your every move while you work or browse the web. The very concept sounds like something out of a B-horror movie, and probably gives you a serious case of the creeps. But you brushed it off because, after all, how much can you actually do to prevent such a hack?

Webcam hacks are actually much more common than you might expect, mainly because the problem has been around for years. Since 2011 to be exact. Which means hackers have had plenty of time to perfect their strategy without much interference. According to online security consultant Egor Homakov, webjacking stems from a clickjacking issue in Adobe Flash Player.

Basically, the hacker uses CSS/HTML to set up a transparent layer on your screen, tricking you into inadvertenly giving your consent by clicking a hidden “allow” button. The button is strategically placed near a area on the screen that you're likely to click. And once you click on the transparent flash object, “it allows access to Camera/Audio channel. Voila, attacker sees and hears you,” says Homakov.

“But I'll be fine if I have anti-virus software and keep my browser up-to-date, right?” Anti-virus software is great, but it doesn't necessarily protect against clickjacking. That's why so many friends end up unintentionally sharing spam onto their Facebook walls — they get clickjacked after clicking a button or link that had malicious content hidden under a transparent layer.

As for browsers, there's even more bad news: Webjacking was recently tested on the latest version of Chrome for Mac and access to users' webcams was granted without a hitch, snapping several pictures without any visible prompt beforehand. The only evidence a hacker was ever there to begin with was a couple of quick on-off blinks of the LED next to the webcam lens. Think you would have noticed those blinks? Are you wondering how many you may have missed in the past? (yeah, so are we.)

Fortunately there are a couple steps you can take for added protection:

  1. Go old school: Manually keep your webcam lens covered when you're not using it. Okay, your family and friends may think you're being a conspiracy theorist, but the webjacking craze isn't slowing down. And now you know the risk. So pass on the knowledge to them!
  2. NoScript: Firefox has an extention called NoScript, which offers anti-XSS and anti-clickjacking protection. NoScript can be disabled for plugins on sites that you've specifically added to your trusted whitelist.
  3. Keep your eyes open: First off, DON'T click on suspicious looking links. But also remember to pay close attention to websites you're redirected to when you do click. Most clickjacking scams will create a similar looking URL to fool you. Read carefully and stay on your toes.