Clickjacking attack is based on a functionality that is widely used in the web nowadays – frames. Frames allow you to nest one webpage or widget in another page – this is now used for login pages, commenting, previewing content in CMSes, for JavaScript interactions and a million other things. The most common form of it is when an attacker creates a webpage and tricks the visitor to click somewhere (on a link, button, image) Attacker in the code of his website includes a victim website (like Facebook, your webmail, amazon) that is cleverly hidden from the user and placed so that a user actually clicks on the victim website.”]
Source: http://blog.kotowicz.net/2009/12/5-ways-to-prevent-clickjacking-on-your.html