.

New phishing attack emerges -- Tabnabbing

<<

Xen

User avatar

Sr. Member
Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Tue May 25, 2010 1:10 pm

New phishing attack emerges -- Tabnabbing

Aza Raskin, User Interface specialist and creative lead on Mozilla’s Firefox browser described a new type of phishing attack which he called "tabnabbing".

Tabnabbing exploits the fact that most users have multiple tabs open on their browser while browsing the internet. The attacker sends a link to a legitimate looking site. When the webpage detects that the user has moved to a new tab, the javascript code embedded in it 'changes' it to some login page. Unsuspecting users will most likely login to this fake page thinking they opened it and their account is compromised.

In his website, Aza Raskin has actually embedded such a script in this webpage
http://www.azarask.in/blog/post/a-new-t ... ng-attack/
<<

former33t

Full Member
Full Member

Posts: 226

Joined: Sat Feb 14, 2009 12:33 am

Post Tue May 25, 2010 10:17 pm

Re: New phishing attack emerges -- Tabnabbing

That is pretty slick, but I don't regularly log into a form just because it is there.  The power of suggestion is strong, but not that strong (for me anyway).

There are a good number of users that will fall for that though.  Thanks for the heads up.
Certifications: CREA, MCSE: Security, CCNA, Security+, other junk
<<

Data_Raid

User avatar

Full Member
Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Wed May 26, 2010 3:54 am

Re: New phishing attack emerges -- Tabnabbing

Nice! Thanks for posting, that's pretty interesting
All men by nature desire knowledge.

Aristotle
<<

clanggedin

Newbie
Newbie

Posts: 17

Joined: Thu May 27, 2010 12:51 pm

Post Fri May 28, 2010 12:08 am

Re: New phishing attack emerges -- Tabnabbing

WOW!!! That is amazing! I am impressed. I was almost tricked by it because I wanted to email my friend that link and I was just in gmail minutes before.
<<

morpheus063

User avatar

Sr. Member
Sr. Member

Posts: 393

Joined: Sun Jun 25, 2006 10:08 am

Location: Cochin - India

Post Fri May 28, 2010 2:26 am

Re: New phishing attack emerges -- Tabnabbing

Apart from FireFox, it works with IE8 too, just checked it :)
Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

[b]There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n
<<

clanggedin

Newbie
Newbie

Posts: 17

Joined: Thu May 27, 2010 12:51 pm

Post Fri May 28, 2010 9:22 am

Re: New phishing attack emerges -- Tabnabbing

It also works in the latest version of Chrome too.
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Fri May 28, 2010 1:34 pm

Re: New phishing attack emerges -- Tabnabbing

That definitely has some potential to pwn people, especially if well executed.  We've all seen sessions expiring in gmail, yahoo, etc, for no apparent reason.  I am also careful to check the URL and the certificate when logging in, but I am sure people will be easily fooled by this.
~~~~~~~~~~~~~~
Ketchup

Return to Malware

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software