Tabnapping: New Phishing Technique

Posted by Richard S. on Sun May 30, 2010 9:19 am

Be careful of this one; a lot of people could very easily fall for it if you commonly have multiple tabs open in your browser. This page actually provides an example:

http://www.azarask.in/blog/post/a-new-t ... ng-attack/

After you read how it works, you can click on another tab, watch as the tab turns into the Gmail icon and description, and when you go back it will be a "Gmail login" page. It's just an image to provide an example.

How The Attack Works

1. A user navigates to your normal looking site.
2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-alike. This can all be done with just a little bit of JavaScript that takes place instantly.
4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite
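As an added illustration of how the swap described in the steps above can be caught from the defender's side (this is not code from the post or from the linked write-up): a small monitor of the kind a browser-extension content script could run. It records the tab's origin, title, favicon and number of password fields, and reports what changed while the tab was in the background. The function names are hypothetical, and the comparison is kept free of DOM calls so it can run outside a browser.

```javascript
// Added example: detect the title/favicon/login-form swap that tabnabbing
// performs while a tab is hidden. Snapshot the cues a user relies on when
// scanning tabs, then compare when the tab regains focus.

// `doc` and `loc` are passed in so a fake document can be used in tests.
function snapshotIdentity(doc, loc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    origin: loc.origin,
    title: doc.title,
    favicon: icon ? icon.getAttribute('href') : null,
    passwordFields: doc.querySelectorAll('input[type="password"]').length,
  };
}

// Compare the snapshot taken when the tab was hidden with one taken when it
// became visible again. Returns a list of suspicious changes, empty if none.
function detectTabnabbing(before, after) {
  const findings = [];
  if (before.title !== after.title) {
    findings.push(`title changed: "${before.title}" -> "${after.title}"`);
  }
  if (before.favicon !== after.favicon) {
    findings.push('favicon changed');
  }
  // A login form appearing with no navigation (same origin, no reload)
  // is the tell for the fake login page described in the post.
  if (before.origin === after.origin && after.passwordFields > before.passwordFields) {
    findings.push('password field appeared without navigation');
  }
  return findings;
}

// Browser wiring: only runs where a DOM exists (e.g. in a content script).
if (typeof document !== 'undefined') {
  let hiddenSnapshot = snapshotIdentity(document, location);
  document.addEventListener('visibilitychange', () => {
    if (document.visibilityState === 'hidden') {
      hiddenSnapshot = snapshotIdentity(document, location);
      return;
    }
    const findings = detectTabnabbing(hiddenSnapshot, snapshotIdentity(document, location));
    if (findings.length > 0) {
      console.warn('Tab content changed while you were away:', findings);
    }
  });
}
```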

Re: Tabnapping: New Phishing Technique

Posted by Yanche on Sun May 30, 2010 11:06 am

Wow, this is scary. I use tab browsing all the time and I'll have to be much more careful. Lately I've been a little lazy and not re-booting my computer with Knoppix when I go to financial sites. I'll end being lazy right now!

For those of you not familiar with Knoppix, it's a complete Linux-based operating system on a CD. You boot your computer from your CD, not your hard drive. All programs, like your browser, are on the CD. You do not use your hard drive at all. A portion of your computer's RAM serves as a temporary disk drive. What all this means is that even if you go to a malware-loaded site, it can't hurt you, because when you turn your computer off all the downloaded data is lost. Great for online banking, which is what I use it for. Even if the programs on the CD have a software flaw, it's unlikely it will harm you because the hard drives can't be written to.
Yanche
 
Stoker Coal Boiler: Alternate Heating Systems S-130
Coal Size/Type: Anthracite Pea

Re: Tabnapping: New Phishing Technique

Posted by Richard S. on Sun May 30, 2010 12:03 pm

Scary it is, because this could easily fool anyone; most are not going to look at the URL in an open tab, nor will they remember what was on that tab.

I'd imagine you'll see all major browsers implementing a feature to lock the content on a tab.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite
Re: Tabnapping: New Phishing Technique

Posted by Patch on Mon May 31, 2010 7:42 am

Thank you, Richard. Much appreciate your words of warning.

john
Patch
Re: Tabnapping: New Phishing Technique

Posted by WNY on Mon May 31, 2010 7:57 am

I SAW THAT on another site...
WNY
 
Hot Air Coal Stoker Stove: Keystoker 90K, Leisure Line Hyfire I
Coal Size/Type: Rice
Stove/Furnace Make: Keystoker, LL & CoalTrol
Stove/Furnace Model: 90K, Hyfire I, VF3000 Soon