Tabnapping (New Phishing Technique)

Image via Wikipedia

From CNET Blog by Larry Magid

Mozilla's Aza Raskin (left) is warning about a new type of phishing attack called tabnabbing.

Unlike traditional phishing attacks which trick people into clicking on links that take them to bogus sites that look legitimate, tabnabbing doesn't require a user to click on a link. But it too can trick people into disclosing their usernames and passwords.

While you're visiting a Web page infected with malicious tabnabbing code, a tab in the background morphs into what appears to be a legitimate site like Gmail or a banking site. To the user it looks quite familiar and since it's not uncommon for people to have multiple tabs open at the same time, it's easy to assume that it really is the site you want to visit. When you click on it, you're not logged in, but that too can seem quite normal since many sites log you out automatically after a period of time. However, if you're a tabnabbing victim and try to log in to the site, you wind up giving your log-in credentials to the tabnabber.

Related articles by Zemanta

• Tabnapping Is a New Browser Security Threat (livescience.com)


• Tabnabbing: A New Type of Phishing Attack (downes.ca)


• TabNabbing: Phishing By Switching Background Tab Content (ajaxian.com)


• New Type of Phishing Attack Goes After Your Browser Tabs (mashable.com)


• The Tech Herald: Tabnapping! Quick call the fuzz! (boxofmeat.net)


• Tech Thursday - tabnabbing, clickjacking, framebusting and the price of pacman (developer.yahoo.net)


• Protect your browser from "tabnabbing" (tuaw.com)


• Researcher warns of browser 'tabnapping' (news.cnet.com)


• Likejacking & Tabnapping (schott.blogs.nytimes.com)


• Tabnabbing: Like phishing within browser (podcast) (news.cnet.com)