Submission: Tabnapping - A new type of "phishing" scam (scam-detectives.co.uk)
scamdetect writes: User Interface specialist and creative lead on Mozilla’s Firefox browser, Aza Raskin, has outlined a brand new variant on “phishing” attacks, which he has christened “Tabnapping”.
Traditionally, “phishing” has relied upon convincing users to click on a link in an email to take them to a fake website such as their bank, credit card issuer or email account. Once the user logs in to the fake site, their details are transmitted to the fraudster and the account is immediately compromised. Public awareness of “phishing” emails is now relatively high and most people know not to click on links in emails appearing to come from such organisations.
“Tabnapping” relies on the user believing that it is impossible for the content of a tab to change while you’re not looking. You may click on a link in Twitter, Facebook or a “sponsored link” in Google which will load a genuine webpage that delivers the content it promises. If you then click away from that site, leaving it open in a “tab” whilst viewing another website, the content of the original tab will change to a fake log-in page impersonating one of the websites you visit most often, be that Facebook, Gmail, Hotmail or your online banking account. You then scan back through your tabs and believe you’ve left the site open and have been logged out, so you log back in again, instantly transmitting your details to the fraudster.
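A defender-side illustration of the behaviour described in the submission, added here and not part of the original post or of Aza Raskin's demo: a small content-script-style monitor that snapshots a page before its tab is hidden and flags it if a login form, a new title or a new favicon has appeared by the time the user returns. Function names (`takeSnapshot`, `assessHiddenChange`) and the sample values are ours.

```javascript
// Added example: detect a page that rewrites itself into a login form while its tab
// is hidden. The decision logic is pure so it can be unit tested without a DOM; the
// browser wiring at the bottom only runs where a document exists (e.g. an extension
// content script). Helper names are hypothetical, not from any real library.

function takeSnapshot(doc) {
  // Capture the signals a user relies on to recognise a tab: title, favicon, and
  // whether the page is asking for a password at all.
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title || '',
    favicon: icon ? icon.href : '',
    passwordFields: doc.querySelectorAll('input[type="password"]').length,
  };
}

// Compare the page as the user left it with the page as they find it on return.
// Title/favicon changes alone are weak signals (unread counts change titles all the
// time); a password field appearing on a page that had none is the core tabnapping tell.
function assessHiddenChange(before, after) {
  const findings = [];
  if (before.title !== after.title) {
    findings.push(`title changed while hidden: "${before.title}" -> "${after.title}"`);
  }
  if (before.favicon !== after.favicon) {
    findings.push(`favicon changed while hidden: ${before.favicon} -> ${after.favicon}`);
  }
  const loginAppeared = before.passwordFields === 0 && after.passwordFields > 0;
  if (loginAppeared) {
    findings.push('a login form appeared while the tab was hidden');
  }
  return { suspicious: loginAppeared, findings };
}

// Browser wiring: remember the visible page when the tab is hidden, re-check on return.
if (typeof document !== 'undefined') {
  let lastVisible = takeSnapshot(document);
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) {
      lastVisible = takeSnapshot(document);
    } else {
      const result = assessHiddenChange(lastVisible, takeSnapshot(document));
      if (result.suspicious) {
        console.warn('Possible tabnapping on', location.href, result.findings);
      }
    }
  });
}
```

In a real deployment the warning would be surfaced in the extension UI rather than the console, and the check should also compare `location.origin` so that an ordinary navigation performed while the tab was hidden is not mistaken for an in-place rewrite.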