1. #1
    LeeW (Gold Member, joined Jan 2010, 741 posts)

    Phishing concept called Tabjacking

    Was browsing blogs and came across this interesting article.

    By now most Internet users know what Phishing stands for, or so they think. If you ask them to define phishing, most will likely mention that it is about fake email links that lead to look-alike copies of popular websites. What most users do not know is that their definition of phishing is not entirely correct. Phishing, which stands for Password fISHING, is not exclusive to email. The term hints at that little known fact. Phishing can occur everywhere, including Instant Messengers, forums, by social engineering and on plain websites.

    Aza Raskin just posted an interesting article on his blog detailing a new phishing attack that he calls Tabjacking - also referred to as Tabnabbing. The concept of this new attack is ingenious.

    It basically refers to a website that changes its look and feel to that of a fake website after some time of inactivity. Here is how it works.

    The web user visits a harmless looking site and decides to keep it open in a tab for now. JavaScript code on the page notices that and replaces the site’s favicon and title with those of a popular site. This could be Facebook, Gmail or any other popular website that the user likely uses.

    The website itself will also change its contents so that it looks like the website that the attacker wants to steal login credentials for.

    Many users identify websites in tabs by their favicon and title. This could lead to the user believing that the site is indeed the real website. Clicking on the tab displays what the user expects to see as the copy looks exactly like the original.

    For Gmail it would for instance be the Gmail login form. Users who enter their login credentials into the form will send them right to the attacker. The script on the website will redirect the user to the real website in the end.

    There are obviously a few aspects where users can identify the attack. The URL, for instance, will not reflect the website that is displayed to the user. It is also likely that the site will not make use of https.

    You may also want to learn about Vishing and Smishing scams.
    Last edited by HappyAndyK; 22nd December 2011 at 15:52. Reason: Updated.
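The check a defender would want from the description above, written as an added example (not code from this thread or from Aza Raskin's post): remember a tab's title and favicon at load time, and flag a swap that happens while the tab is hidden and names a brand that the tab's own origin does not belong to. The brand-to-host table, the event shapes and the page names are constructed assumptions; in a browser extension you would feed the monitor from `document.title`, the `<link rel="icon">` element and the `visibilitychange` event.

```javascript
// Added example: heuristic tab-nabbing monitor as a pure state machine, so it runs
// outside a browser. Assumed (constructed) table of brands and their legitimate hosts.
const BRAND_HOSTS = {
  gmail: ["mail.google.com", "accounts.google.com"],
  facebook: ["www.facebook.com", "facebook.com"],
};

// Return the first brand keyword found in a title or icon URL, or null.
function brandIn(text) {
  const t = String(text).toLowerCase();
  return Object.keys(BRAND_HOSTS).find((b) => t.includes(b)) || null;
}

function makeMonitor(pageUrl) {
  const host = new URL(pageUrl).hostname;
  const state = { hidden: false, title: null, icon: null, alerts: [] };
  // Events as a content script would emit them:
  //   {type:'load', title, icon} | {type:'hidden'} | {type:'visible'} |
  //   {type:'title', value} | {type:'icon', value}
  function feed(ev) {
    switch (ev.type) {
      case "load": state.title = ev.title; state.icon = ev.icon; break;
      case "hidden": state.hidden = true; break;
      case "visible": state.hidden = false; break;
      case "title":
      case "icon": {
        const key = ev.type;
        const before = state[key];
        state[key] = ev.value;
        if (!state.hidden || before === ev.value) break; // only swaps while hidden matter
        const brand = brandIn(ev.value);
        // Impersonation: the new title/icon names a brand this host does not belong to.
        if (brand && !BRAND_HOSTS[brand].includes(host)) {
          state.alerts.push({ what: key, brand, from: before, to: ev.value, host });
        }
        break;
      }
    }
    return state.alerts.length;
  }
  return { feed, alerts: () => state.alerts.slice() };
}

// Constructed replay of the scenario in the post: a harmless-looking page is
// backgrounded, then rewrites its title and favicon to look like Gmail.
function demo() {
  const m = makeMonitor("https://cat-pictures.example/");
  [{ type: "load", title: "Cat pictures", icon: "https://cat-pictures.example/favicon.ico" },
   { type: "hidden" },
   { type: "title", value: "Gmail: Email from Google" },
   { type: "icon", value: "https://cat-pictures.example/gmail-favicon.ico" }].forEach(m.feed);
  return m.alerts();
}
```

The same monitor stays quiet when a real Gmail tab updates its own title in the background, which is the false-positive case a heuristic like this has to get right.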

  2. #2
    StrayCat (Senior Member, joined Nov 2009, 200 posts)

    Thanks L.W. Something to watch out for!
    That web page you mentioned, azarask.in, even gives you live proof of how it actually works:
    (read about it in the 'Try it Out' part...)

    You can try it out on this very website (I’ve only tested it in Firefox).
    Click away to another tab for at least five seconds. Flip to another tab. Do whatever. Then come back to this tab.
    PS To those who should worry: don't... the 'tabjacked' page (gmail.com) is only an image.
    Last edited by StrayCat; 25th May 2010 at 23:41. Reason: PS

  3. #3
    HappyAndyK (Site Administrator, joined Jun 2008, 7,419 posts)

    Wickedly ingenious!

    Thanks for posting!

  4. #4
    optimus (Windows Enthusiast, joined Apr 2010, 94 posts)

    Seems a nasty phishing method... but every action is accompanied with an equal & opposite reaction.. lolz
    Hope AV companies will counteract soon..
