New phishing attack emerges — Tabnabbing

Viewing 6 reply threads
  • Author
    • #5095

      Aza Raskin, User Interface specialist and creative lead on Mozilla’s Firefox browser described a new type of phishing attack which he called “tabnabbing”.

      Tabnabbing exploits the fact that most users have multiple tabs open on their browser while browsing the internet. The attacker sends a link to a legitimate looking site. When the webpage detects that the user has moved to a new tab, the javascript code embedded in it ‘changes’ it to some login page. Unsuspecting users will most likely login to this fake page thinking they opened it and their account is compromised.

      In his website, Aza Raskin has actually embedded such a script in this webpage

    • #32337

      That is pretty slick, but I don’t regularly log into a form just because it is there.  The power of suggestion is strong, but not that strong (for me anyway).

      There are a good number of users that will fall for that though.  Thanks for the heads up.

    • #32338

      Nice! Thanks for posting, that’s pretty interesting

    • #32339

      WOW!!! That is amazing! I am impressed. I was almost tricked by it because I wanted to email my friend that link and I was just in gmail minutes before.

    • #32340

      Apart from FireFox, it works with IE8 too, just checked it 🙂

    • #32341

      It also works in the latest version of Chrome too.

    • #32342

      That definitely has some potential to pwn people, especially if well executed.  We’ve all seen sessions expiring in gmail, yahoo, etc, for no apparent reason.  I am also careful to check the URL and the certificate when logging in, but I am sure people will be easily fooled by this.

Viewing 6 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.


Sign in with Caendra

Forgot password?Sign up

Forgot your details?