Tabnabbing uses the same phishing concepts as before, with slight changes to the conventional phishing method.
Requirements for attack:
- The attacker must have a website.
- The attacker has to embed a JavaScript file (necessary for the phishing) in his website.
- Tabnabbing takes advantage of multi-tab browsing, so the user must browse with multiple tabs.
How Tabnabbing works:
- The user visits the attacker's site, which looks normal at first.
- The user switches away from the attacker's site tab and opens another site in a new tab, leaving the attacker's site tab open. Assume that the user opens many tabs.
- While the user browses another site, the attacker's site, left open in the previous tab, changes or redirects itself to a phishing page, say a Gmail login.
- Now, when the user returns to this tab, he may not remember exactly which site he had opened. He will see the fake Gmail login and think that he left this Gmail login tab open. So, without checking the URL of the site, the user is most likely to log in to his account.
- Once he enters his login user ID and password in our phisher, this information is sent to our inbox or any online account. Thus, his account is hacked using Tabnabbing.
The most useful way to remain protected from such attacks is to rely on add-ons like Secure Login for logging in to any online account. When you return to the attacker's website (which has been redirected to the phisher), the Secure Login add-on will check the URL and show the message:
"No login data found for this page"
So, even if the attacker's website has changed itself into a phisher and the user has forgotten to check its URL, Secure Login will alert the user that the page is a phisher. Also, it is expected that various browsers will soon release a fix for this hack.
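An added example, not code from the original post or from the Secure Login add-on: a sketch of the origin-bound lookup a login manager performs before offering credentials. The store contents, URLs and function names (`originOf`, `lookupLogin`) are constructed assumptions, and the samples go slightly beyond the post by covering lookalike hosts, the userinfo trick and plain-HTTP pages.

```javascript
// Added example: origin-bound credential lookup, as a login manager does it.
// Store contents, URLs and function names are constructed for illustration.

// Saved logins keyed by exact origin (scheme + host + port), never by page
// title, favicon or appearance, which a tabnabbing page can imitate.
const savedLogins = new Map([
  ["https://accounts.google.com", { username: "alice@example.com" }],
  ["https://bank.example", { username: "alice" }],
]);

// Reduce a page URL to its origin. Unparsable or non-HTTPS URLs yield null,
// so credentials are never offered to them.
function originOf(pageUrl) {
  try {
    const u = new URL(pageUrl);
    return u.protocol === "https:" ? u.origin : null;
  } catch {
    return null;
  }
}

// Called when the user returns to a tab and focuses a login form.
function lookupLogin(pageUrl, store = savedLogins) {
  const origin = originOf(pageUrl);
  const entry = origin ? store.get(origin) : undefined;
  if (!entry) {
    return { fill: false, message: "No login data found for this page" };
  }
  return { fill: true, origin, username: entry.username };
}

// Constructed URLs a user might find in a tab after switching back to it.
const samples = [
  "https://accounts.google.com/ServiceLogin?continue=mail", // genuine
  "https://accounts.google.com.signin.attacker.example/",   // lookalike host
  "https://accounts.google.com@attacker.example/login",     // userinfo trick
  "http://accounts.google.com/ServiceLogin",                // plaintext
];
for (const url of samples) {
  const r = lookupLogin(url);
  console.log(r.fill ? `fill ${r.username}` : r.message, "<-", url);
}
```

Only the first sample is filled; the other three produce the "No login data found for this page" message because their origins do not match any stored entry.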
So friends, beware of this new phishing attack, Tabnabbing, and protect your online accounts. Remember, Secure Login is the best solution to phishing attacks. If you have any views on this new phishing attack, please share them with us in the comments.