New phishing attack emerges — Tabnabbing

    • #5095
      Xen
      Participant

      Aza Raskin, User Interface specialist and creative lead on Mozilla’s Firefox browser, described a new type of phishing attack which he called “tabnabbing”.

      Tabnabbing exploits the fact that most users have multiple tabs open in their browser while browsing the internet. The attacker sends a link to a legitimate-looking site. When the webpage detects that the user has moved to a new tab, the JavaScript code embedded in it ‘changes’ it to some login page. Unsuspecting users will most likely log in to this fake page thinking they opened it, and their account is compromised.

      On his website, Aza Raskin has actually embedded such a script in this webpage:
      http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
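
The behaviour described in the post above (a page that rewrites itself into a login form once the user has switched tabs) can be detected from the visitor's side by comparing the page's identity before and after it was hidden. This is an added example, not part of the original thread or of Aza Raskin's page; the function names, snapshot fields and sample values are assumptions constructed for illustration.

```javascript
// Added example; not code from the thread or from Aza Raskin's page.
// Function names and snapshot fields are assumptions made for this sketch.

// Record the parts of a page's identity that tabnabbing rewrites.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the snapshot taken when the tab was hidden with the one taken on return.
function diffSnapshots(before, after) {
  const changes = [];
  if (before.title !== after.title) changes.push('title');
  if (before.favicon !== after.favicon) changes.push('favicon');
  if (!before.hasPasswordField && after.hasPasswordField) changes.push('new-password-field');
  // Titles change legitimately (unread counters); a login form that appears
  // together with a new title or favicon is the pattern worth flagging.
  const suspicious = changes.includes('new-password-field') &&
    (changes.includes('title') || changes.includes('favicon'));
  return { changes, suspicious };
}

// Constructed sample snapshots (not captured from any real site).
const SAMPLE_BEFORE = { title: 'Cute kittens', favicon: 'https://blog.example/k.ico', hasPasswordField: false };
const SAMPLE_AFTER = { title: 'Mail: Sign in', favicon: 'https://blog.example/m.ico', hasPasswordField: true };

// Browser wiring: only runs where a DOM exists (userscript or extension content script).
if (typeof document !== 'undefined') {
  let whenHidden = null;
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) {
      whenHidden = snapshot(document);
    } else if (whenHidden) {
      const result = diffSnapshots(whenHidden, snapshot(document));
      if (result.suspicious) {
        console.warn('Page changed identity while hidden:', result.changes.join(', '));
      }
    }
  });
}
```

The URL in the address bar does not change during this attack, so checking it before typing credentials remains the simplest manual control.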

    • #32337
      former33t
      Participant

      That is pretty slick, but I don’t regularly log into a form just because it is there.  The power of suggestion is strong, but not that strong (for me anyway).

      There are a good number of users that will fall for that though.  Thanks for the heads up.

    • #32338
      Data_Raid
      Participant

      Nice! Thanks for posting, that’s pretty interesting

    • #32339
      clanggedin
      Participant

      WOW!!! That is amazing! I am impressed. I was almost tricked by it because I wanted to email my friend that link and I was just in gmail minutes before.

    • #32340
      morpheus063
      Participant

      Apart from Firefox, it works with IE8 too, just checked it 🙂

    • #32341
      clanggedin
      Participant

      It also works in the latest version of Chrome too.

    • #32342
      Ketchup
      Participant

      That definitely has some potential to pwn people, especially if well executed. We’ve all seen sessions expiring in Gmail, Yahoo, etc., for no apparent reason. I am also careful to check the URL and the certificate when logging in, but I am sure people will be easily fooled by this.


Copyright ©2021 Caendra, Inc.
