Browser Phishing Made Easy: Tabnapping

By Baselinemag  |  Posted 2010-05-26 Email Print this article Print
 
 
 
 
 
 
 

The attack, dubbed tabnapping, was uncovered by Aza Raskin, creative lead for Mozilla Firefox, and affects all the major browsers on Windows and Mac OS X. New security research is shining a light on an attack technique that can be used to trick users into entering their personal information on phishing sites.

A new attack technique takes advantage of open browser tabs to launch phishing sites without the user's knowledge. The attack can be carried out in Firefox, Internet Explorer and other major browsers.

Raskin's proof-of-concept attack takes advantage of users who keep multiple tabs open. If the user visits a malicious site or one that has been compromised, the attacker can silently change the contents and label of an open, inactive tab to resemble the log-in screen of another site, such as Google Gmail.

READ MORE >>


 
 
 
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

Manage your Newsletters: Login   Register My Newsletters