This hack is classic clickjacking. I created a transparent iframe containing a product page on amazon.com that had been carefully positioned so when you think you’re clicking on my page, you’re actually clicking the “Buy now” button on their site instead. Here’s the link to the code for the no longer working proof of concept: https://gist.github.com/joshfraser/819308dbae43ff70d892