Here's a scary new phishing tactic that computer whiz Aza Raskin discovered and exposed. It's called Tabnapping, and it changes the look of a web page when you aren't looking. A user opens a tab then goes to another tab. During that time, the page turns into a fake log in screen for some other site. If the user has forgotten what it was originally, he/ she might go ahead and fill in the log in info which in effect turns it over to the phishers. Insidious.
Mr. Raskin explains it in Tabnabbing: A New Type of Phishing Attack, and as a bonus, he has set up that page to serve as an example. Simply open the site in a tab, then go to another tab, wait 5 seconds, then go back to that tab to see a screenshot of the Gmail log in screen.
At the moment user diligence seems to be the only defense according to How to foil Web browser 'tabnapping'. So it pays to pay attention to the URL in the address line.
Comments