Thursday, August 1, 2013

Tabnabbing A New Security Threat

Tabnabbing A New Type of Phishing Attack
A new phishing technique called "tabnabbing" is becoming very popular nowadays.

What is Tabnabbing? 
Tabnabbing is a new type of phishing attack. It refers to a website that changes its look and feel to that of a fake website after some time of inactivity. The page we had been looking at changes behind our backs.

How Does the Attack Work?
A user navigates to a normal-looking website. Custom code detects when the page has lost focus and has not been interacted with for a while. The favicon is replaced with that of Gmail (or any other website), the title with “Gmail: Email from Google”, and the page with a Gmail login look-alike. This can all be done with just a little bit of JavaScript, and the change takes place instantly.

As the user scans their many open tabs, the favicon and title can easily fool them into thinking they left a Gmail tab open. When they click back to the fake Gmail tab, they see the standard Gmail login page, assume they have been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.

After the user has entered their login information in this fake page, the username and password are sent to the remote attacker and the user is redirected to Gmail, as in a normal phishing attack.
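
The behaviour described above leaves a recognisable trace: a tab's title, favicon and login form change while the tab is in the background. The following detection heuristic is an added example, not code from the original post; the event format, the function name and the sample data are assumptions constructed for illustration.

```javascript
// Added example (not from the original post). The event format and all
// names below are assumptions; SAMPLE_EVENTS is constructed data.
const SAMPLE_EVENTS = [
  { tab: 1, type: 'load', title: 'Chat', favicon: '/chat.ico' },
  { tab: 2, type: 'load', title: 'Funny pictures', favicon: '/fun.ico' },
  { tab: 1, type: 'blur' },
  { tab: 2, type: 'blur' },
  { tab: 1, type: 'title', title: '(1) Chat' },          // unread counter: benign
  { tab: 2, type: 'title', title: 'Gmail: Email from Google' },
  { tab: 2, type: 'favicon', favicon: '/mail.ico' },
  { tab: 2, type: 'passwordField' },                     // login form appeared
  { tab: 1, type: 'focus' },
  { tab: 2, type: 'focus' },
];

function findTabnabbingSuspects(events) {
  const tabs = new Map(); // tab id -> current state plus snapshot taken at blur
  const alerts = [];
  for (const ev of events) {
    if (!tabs.has(ev.tab)) {
      tabs.set(ev.tab, { title: null, favicon: null, hasPassword: false, snapshot: null });
    }
    const s = tabs.get(ev.tab);
    switch (ev.type) {
      case 'load':
        s.title = ev.title; s.favicon = ev.favicon; s.hasPassword = Boolean(ev.hasPassword);
        break;
      case 'title': s.title = ev.title; break;
      case 'favicon': s.favicon = ev.favicon; break;
      case 'passwordField': s.hasPassword = true; break;
      case 'blur': // remember what the tab looked like when the user left it
        s.snapshot = { title: s.title, favicon: s.favicon, hasPassword: s.hasPassword };
        break;
      case 'focus': {
        if (s.snapshot) {
          const changed = [];
          if (s.title !== s.snapshot.title) changed.push('title');
          if (s.favicon !== s.snapshot.favicon) changed.push('favicon');
          if (s.hasPassword && !s.snapshot.hasPassword) changed.push('passwordField');
          // A title change alone is common (unread counters), so require two signals.
          if (changed.length >= 2) alerts.push({ tab: ev.tab, changed });
        }
        s.snapshot = null;
        break;
      }
    }
  }
  return alerts;
}
```

On the sample data only tab 2 is flagged; tab 1, whose title merely gained an unread counter, is not.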


Commonly Targeted Websites
These attacks are commonly targeted at online banking websites. Almost all banking websites have a security feature in which, if you have logged into your online banking account and left it idle for a few minutes, it automatically logs you out as a security precaution. Attackers exploit this feature with tabnabbing. It is very effective against users of online banking because the user assumes they had logged in to the bank account and the session has expired.


How Can You Protect Yourself From This Attack?
You can protect yourself from this attack by using the Firefox browser. Firefox has lots of add-ons (plugins) which can protect you from this attack or any other phishing attack. If you care about your safety on the internet, stop using other browsers and switch to Firefox immediately.

Some of the best anti-phishing Firefox add-ons are listed below; you can use them for your safety:

  1. Wot 
  2. Don't Phish me 
  3. Netcraft 
  4. FirePhish