Friends, hackers are getting smarter and smarter everyday. Nowadays most people are aware of the phishing attacks and are protecting themselves from it. So as a remedy hackers developed a technique call Tabnabbing to steal account passwords. So here we go...
What is Tabnabbing ?
Tabnabbing is a new type of phishing attack. It basically refers to a website that is changing its look and feels to a fake website after some time of inactivity. It is about a page we’ve been looking at, but will change behind our backs, when we aren’t looking
How The Attack Works ?
A user navigates to a normal looking website. A custom code detects when the page has lost its focus and hasn’t been interacted with for a while. The favicon gets replaced with that of GMail (or any other website), while the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
As the user scans their many open tabs, the favicon and title can easily fool the user to simply think he left a Gmail tab open. When he clicks back to the fake Gmail tab, he’ll see the standard Gmail login page, assume he has been logged out, and provide his credentials to log in. The attack preys on the perceived immutability of tabs.
After the user has entered their login information ,He is redirect to Gmail.as in Normal Phishing attack.
Commonly Targeted Web sties:
These attacks are commonly target towards Online Banking websites , But why Online Banking websites ?All most all banking websites have a security feature in which " If you have logged into your online Banking account and left it idle for a few minutes, it automatically logs you out as a precaution " .Due to this feature Tabnabbing is very handy in attacking users of online banking because the users feel that he/she would have logged in to the bank account and the session has expired.
How Can You Protect Yourself From This Attack ?
You can protect yourselves from this attack by using Firefox Browser. But Why Firefox ? Because Firefox has lots of addons (plugins) which can protect you from this attack or any other phishing attack ,so stop using your crappy web browsers such Internet explorer, switch to Firefox
0 nhận xét