Friday, June 4, 2010

New Phishing Technique - TabNabbing

Looks like there's a new phishing technique you need to be wary of.
Phishing attacks rely on fake sites that look exactly like the real ones to capture your login and password details. Google's Gmail and online banking accounts are prime candidates for this type of attack.

That's why it's recommended to always type the URL of the site manually, instead of relying on bookmarks or online links - to make sure you're not on such a phishing site.

Knowing that people get suspicious when they land on a different URL and are presented with a site similar to an "official" one, this new phishing technique is much more clever: as you visit the phishing site, it behaves just like any ordinary site with its own unique content... but as soon as you leave it for a moment (people usually have dozens of tabs open) it modifies itself - title and icon included - to look like another site.

As you navigate through your open tabs, you're much more likely to think this is indeed a forgotten tab where you failed to log in, and enter your details.
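The behaviour described above can also be checked for mechanically. The sketch below is an added example, not code from the video or from any browser: it records a tab's title, icon and whether it shows a password field when the tab goes into the background, and compares them when you come back. The function names and the fakeDocument stand-in are assumptions made for illustration; the wiring at the end uses the standard Page Visibility API and would run as a userscript or extension content script.

```javascript
// Record what a user relies on to recognise a tab.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    icon: icon ? icon.href : "",
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the state saved when the tab was hidden with the state on return.
function changesWhileHidden(before, after) {
  const findings = [];
  if (before.title !== after.title) findings.push("title changed");
  if (before.icon !== after.icon) findings.push("favicon changed");
  if (!before.hasPasswordField && after.hasPasswordField) {
    findings.push("password field appeared");
  }
  return findings;
}

// A title or icon change alone is common (unread counters, notifications).
// A login form appearing together with a new title or icon is the pattern
// the post describes, so only that combination is flagged.
function looksLikeTabnabbing(findings) {
  const identityChanged =
    findings.includes("title changed") || findings.includes("favicon changed");
  return identityChanged && findings.includes("password field appeared");
}

// Constructed stand-in for a DOM document so the logic runs outside a browser.
function fakeDocument(title, iconHref, hasPassword) {
  return {
    title,
    querySelector(selector) {
      if (selector.startsWith("link")) return iconHref ? { href: iconHref } : null;
      return hasPassword ? {} : null;
    },
  };
}

// Browser wiring: snapshot when hidden, compare when visible again.
if (typeof document !== "undefined") {
  let hiddenState = null;
  document.addEventListener("visibilitychange", () => {
    if (document.visibilityState === "hidden") { hiddenState = snapshot(document); return; }
    if (!hiddenState) return;
    const findings = changesWhileHidden(hiddenState, snapshot(document));
    if (looksLikeTabnabbing(findings)) console.warn("Tab changed while hidden:", findings.join(", "));
  });
}
```

A warning from this check is a prompt to look at the address bar before typing anything, since the URL is the one thing the page cannot rewrite to match the site it imitates.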

Once again, be cautious about this kind of thing:
  • keep your system protected against spyware/malware
  • always enter the URL manually whenever you want to access "sensitive" sites
  • use the least vulnerable browser you can
  • use your browser's "private browsing" mode to use online banking without leaving a trace

A New Type of Phishing Attack from Aza Raskin on Vimeo.
