Do not lose your passwords to ‘tabnabbing’

Tabnabbing is the newest form of phishing attack. You can try the following sequence of steps to see how you can be tabnabbed.

  1. Log into the demo website, https://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
  2. After browsing that website for some time, open a new tab without closing the first tab and visit some other page of your interest.
  3. While browsing in the second tab, you will notice that the favicon of the first tab (the image on the tab that identifies a website) changes to Gmail's red envelope.
  4. Now go back to the first tab. You will find that the original website has been replaced with the Gmail login page. If you check the URL, you will find that the original URL is still there, but with the Gmail login interface!!!

A hacker uses scripts to rewrite a page of average interest with an impersonation of a well-known website when the page is left unattended for some time. A user who returns after a while and sees the rewritten page may be induced to believe the page is legitimate and enter their login, password and other details, which will then be used for improper purposes. The attack can be made more likely to succeed if the script checks for well-known websites the user has loaded in the past or in other tabs, and loads a simulation of the same sites.
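
The rewrite described above happens while the tab is in the background, and that is also what makes it detectable. As an added example (not code from the original post or from the demo site), the following JavaScript flags title, favicon or password-field changes made while a tab was hidden; the event format, the function name and the sample timeline are constructed assumptions.

```javascript
// Added example: flag identity changes made to a tab while it was hidden.
// The event shapes are assumptions; in a browser extension they would be fed
// from the visibilitychange event and a MutationObserver on the page head/body.
const TRACKED = ['title', 'favicon', 'passwordField'];

function detectHiddenRewrite(events) {
  const findings = [];
  let pending = null; // non-null only while the tab is hidden

  for (const ev of events) {
    if (ev.type === 'visibility') {
      if (ev.state === 'hidden') {
        pending = { since: ev.t, title: false, favicon: false, passwordField: false };
      } else if (pending) {
        const changed = TRACKED.filter((k) => pending[k]);
        // Only report when the tab's visible identity (title or favicon) changed.
        if (pending.title || pending.favicon) {
          findings.push({
            hiddenFrom: pending.since,
            returnedAt: ev.t,
            changed,
            // A new password field on a re-branded page is the high-risk case.
            severity: pending.passwordField ? 'high' : 'medium',
          });
        }
        pending = null;
      }
    } else if (pending && TRACKED.includes(ev.type)) {
      pending[ev.type] = true; // change happened while nobody was looking
    }
  }
  return findings;
}

// Constructed timeline (t in seconds) matching the steps listed above.
const sampleTimeline = [
  { t: 0, type: 'title', value: 'Some blog post' },      // initial load, tab visible
  { t: 40, type: 'visibility', state: 'hidden' },        // user opens a second tab
  { t: 52, type: 'favicon', value: 'mail-icon.png' },    // favicon swapped
  { t: 52, type: 'title', value: 'Sign in' },            // title swapped
  { t: 52, type: 'passwordField' },                      // login form inserted
  { t: 300, type: 'visibility', state: 'visible' },      // user returns
  { t: 310, type: 'title', value: 'Sign in (1)' },       // visible change, ignored
];

console.log(JSON.stringify(detectHiddenRewrite(sampleTimeline), null, 2));
```

A title change alone while hidden is rated medium because legitimate pages also update their titles in the background (for example, unread counters).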

How can you protect yourself from tabnabbing?

  1. Beware of this scam. Whenever you want to log in to a web application, open that web application afresh instead of using an existing login page.
  2. Install a browser that has a fix for this vulnerability on your PC.
  3. Use a 2-factor authentication system to log in to important websites like your bank account (if your bank provides one).
