Cougar Alerts‎ > ‎

Scary new phishing tactic appears

posted May 27, 2010, 5:05 AM by Ken Akers   [ updated Jun 2, 2010, 5:14 AM ]
Wow. Phishers are already looking for new and creative techniques. This article outlines the relatively new tactic of tabnapping. Thanks to for the informative article.

Computerworld - A Mozilla employee yesterday outlined a sly new attack tactic dubbed "tabnapping" that can dupe users into giving up passwords by secretly changing already-open browser tabs.

All of the major browsers on Windows and Mac OS X are vulnerable to the attack.

Aza Raskin, Firefox's creative lead, spelled out the scenario, which is striking in its assumption: Most people keep multiple tabs open, often for long periods.

Raskin's technique requires that identity thieves trick users into visiting a malicious or compromised site -- no problem in today's spam- and scam-infected online world. They can then use JavaScript to quietly change the contents and label of an open-but-not-active tab to resemble the log-in screen of a bank or credit card company or or Gmail.