
This doesn't work with sites that return 'X-Frame-Options: SAMEORIGIN' or 'DENY', which is probably the simplest and best click-jacking countermeasure. It's used by some big sites (e.g. Google), and increasingly used by modern frameworks (e.g. in Django 1.4 it is not yet on by default, but extremely easy to enable - just uncomment one line in the default settings file).

Something to be aware of!
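
An added example, not part of the comment above: a small Python audit that checks a response's headers for the two `X-Frame-Options` values the comment names. The verdict labels (`protected`, `missing`, `review`) and the sample responses are assumptions of this example, and the samples are constructed rather than captured from any real site.

```python
# Added example: audit response headers for X-Frame-Options DENY / SAMEORIGIN.
RECOGNISED = {"DENY", "SAMEORIGIN"}

def xfo_values(headers):
    """Collect X-Frame-Options values from (name, value) pairs.

    Header names are case-insensitive, and the header may be repeated or
    comma-joined by an intermediary, so every occurrence is gathered.
    """
    found = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            found.extend(part.strip().upper() for part in value.split(","))
    return [v for v in found if v]

def audit(headers):
    """Return 'protected', 'missing' or 'review' (labels are this example's own)."""
    values = set(xfo_values(headers))
    if not values:
        return "missing"      # header absent: nothing restricts framing
    if len(values) == 1 and values <= RECOGNISED:
        return "protected"    # one clean DENY or SAMEORIGIN
    return "review"           # typo, unrecognised or conflicting values

# Constructed sample responses (hypothetical, for illustration only).
SAMPLES = {
    "deny": [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")],
    "lowercase": [("x-frame-options", "sameorigin")],
    "absent": [("Content-Type", "text/html")],
    "typo": [("X-Frame-Options", "SAME-ORIGIN")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "duplicate": [("X-Frame-Options", "SAMEORIGIN, SAMEORIGIN")],
}

def audit_all(samples=SAMPLES):
    """Map each sample name to its verdict."""
    return {name: audit(hdrs) for name, hdrs in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_all().items():
        print(f"{name:10} {verdict}")
```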



