Tabbed browsing is an integral part of modern day browsers. It is so convenient to use, that once you are habitual of using tabbed browsing, you just cannot imaging your life surfing without tabbed browsing.
And this very fact has been used by a new kind of phishing attack. This has been loosely termed as TabNabbing.
What is TabNabbing
The most popular phishing attacks take the help of fictitious URLs, which look alike the original one and try to deceive the innocent user by creating a web page similar to the original URL.
But, this new phishing trick loads the original page normally and keeps track of the user focus. If it changes to some other open tab in the browser, then suddenly the embedded malicious script in the infected page, changes the favicon and content of the page to look similar to a popular page like gmail.com.
The innocent user, when return to this tab, may forget what were the original contents on this tab and may think that he is seeing this login page because he might have been logged out of this application. Once he enters his login information, that is captured by the phishing server and the job is done.
See the video below to understand how this phishing takes place.
To know more about the attack, visit http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/.
You can follow us on Google+.