Monday, June 14, 2010

Tabnapping (New Phishing Technique)

Picture taken by Peishan Tan. She has public d...Image via Wikipedia


Mozilla's Aza Raskin (left) is warning about a new type of phishing attack called tabnabbing.
Unlike traditional phishing attacks which trick people into clicking on links that take them to bogus sites that look legitimate, tabnabbing doesn't require a user to click on a link. But it too can trick people into disclosing their usernames and passwords.
While you're visiting a Web page infected with malicious tabnabbing code, a tab in the background morphs into what appears to be a legitimate site like Gmail or a banking site. To the user it looks quite familiar and since it's not uncommon for people to have multiple tabs open at the same time, it's easy to assume that it really is the site you want to visit. When you click on it, you're not logged in, but that too can seem quite normal since many sites log you out automatically after a period of time. However, if you're a tabnabbing victim and try to log in to the site, you wind up giving your log-in credentials to the tabnabber.


Enhanced by Zemanta

Disqus for ePayment News