'Tabnapping': A New Phishing Technique
By Luciana on May 28, 2010 | Phishing, tabnapping, tabjacking, Mozilla, phishing, Firefox, Internet Explorer, Google Chrome
A Mozilla user interface specialist Aza Raskin has brought out a new phishing technique, called 'tabnapping' or 'tabjacking'. At his blog Raskin claims that this new technique leads a user to what appears to be a genuine site but it seems like this is only used to trick people into giving away login information.
If the user chooses to leave a web page open and clicks a new tab the bogus tab changes itself into a copy of the real site. 'Tabnapping' are able to change the title and the icon displayed on the tab.
Raskin says that the user may lose their vigilance and enter login information onto the malicious site. An interesting thing is that this phishing attack works only on major browsers, such as, Firefox, Internet Explorer and Google Chrome.
For phisher is not very difficult to use few techniques by wanting to track the most frequent web sites that victim is using.
Raskin comments: “Using my CSS history miner, you can detect which site a visitor uses and then attack that site — although this is no longer possible in Firefox betas. For example, you can detect if a visitor is a Facebook user, Citibank user, Twitter user, etc, and then switch the page to the appropriate login screen and favicon on demand."
Raskin's attack leans on JavaScript and can be blocked by browser add-ons such as Noscript. Researcher Avi Raff has published another version of the attack which he said works on Firefox even when Noscript is activated though.
More Phishing news
Free iPhone 5 on Tumblr? Avoid the scam!
Tumblr blogs are blazing with iPhone 5 presentations and giveaways; unfortunately, the news is far from being genuine. "Get the all new iPhone 5" and similar posts are fraudulent and they are only meant to trick people into filling online surveys. Those usually collect personal information which can be sold later.The iPhone5 Tumblr frauds may look quite legitimate as they present most of the posts as written by Tumbrl staff. Read more.- Newest Facebook scam - Russel Brand and Kate Perry leaked tape
- Scammers utilize the closing of Megaupload
- Facebook users attacked once again
- Scammers utilize Facebook's Timeline to their benefit
- New year for Facebook - a Ramnit worm
- New year but the same security problems: Facebook's clickjacking scam spotted
- Be careful as holidays are very profitable season for scammers
- iPhone 4S holiday scam
- iPad scam on Lady Gaga Facebook fan page
- Tumblr accounts harvester spotted
