Home

The latest scam YOU need to be aware of: 'tabnabbing'

Posted on June 10, 2010 - 6:55pm

Think ‘tabnabbing’ sounds like the latest prank involving filing supplies and the office clown? Think again.  Tabnabbing (also referred to as tabnapping) is a new type of phishing attack that is sweeping the internet.  Most phishing scams rely on you clicking on an imbedded link or downloading a file you find in a suspect email, sketchy website or a pop up window.  Tabnabbing occurs in the background after your focus shifts away from a malicious or compromised site.   

“What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise,” Said Aza Raskin, Firefox's creative lead who identified the attack.  “Most people keep multiple tabs open, often for long periods.”

This attack uses JavaScript to discretely change the contents of an open but not active tab in your browser to look like the log-in screen of a bank, credit card company, popular retail site, social networking site or email provider.  This page transformation only occurs after the page becomes “inactive” while a victim moves to another tab or open program. The scammers are relying on users thinking they left a login page tab open.   

"When they click back to the fake tab, they'll see the standard Gmail log-in page, assume they've been logged out, and provide their credentials to log in," says Raskin.

Raskin was able to recreate “tabnabbing” on his own blog to show users what to look for.  You can try it here. After clicking the link, open a new tab, or simply click away from the page for a few seconds and then go back to the original tab.  While the URL hasn’t changed, the original blog content you saw only moments ago has been replaced with what appears to be a Gmail login page.  In this case the Gmail login page is just an image; however, in the case of an actual tabnabbing attack the page will be a functional login form.

In an actual attack after the user enters their login information, it’s sent it back to the attacker, and then the victim redirected back to the site they think they are logging into. This often goes completely
undetected because often the victim was never logged out in the first place, and it will simply appear as if the login was successful, never realizing that they just handed over the all credentials the attacker needed to access their account.   

It is even possible for attackers to detect which sites are in your history as well as what sites you are currently logged into and then customize the fake page to resemble a site you often use or are currently logged into, making this form of attack extremely effective and difficult to detect.  All major browsers are susceptible to this attack.  

Here’s what to watch for and how to avoid a potential tabnabbing attack and keep your identity, information, and login credentials safe:

Don't log-in on a tab that you haven't opened yourself. Since the tabnabbing tactic banks on you trusting that you opened the tab -- and that the site simply timed out -- the best defense is this offensive move. In other words, if you see a tab that contains a seemingly-legit log-in form, close it, then head to the site yourself in a new tab.

Enable browser settings and filters that will alert you to potential attacks. For Internet Explorer (IE) use SmartScreen. In Firefox and Chrome it's called "Phishing and Malware Protection;" Safari doesn't give it a name, but offers a setting that reads, "Warn when visiting a fraudulent website" in the Security section of its Preferences settings.

Look at the URL in your browser's address bar before filing in any form or giving out any personal information and verify the URL matches the login page. If there’s a discrepancy, close the tab
immediately.

Use a password manager. Third-party browser password managers like RoboForm for Windows or 1Password for Mac link saved log-in usernames and passwords to a specific URL. When you save the username and password on the log-in page of the legitimate site, the password manager won't auto enter the username and password into a non-matching URL which should alert you to a possible tabnabbing attempt.

For more info on avoiding Tabnapping read ComputerWorld’s How to Foil Web Browser Tabnapping.

2 commentsRead/add comments
Bookmark/Search this post with:
Tags:

Comments

for password protection i

Submitted by Ano (not verified) on July 6, 2010 - 4:11am.

for password protection i prefer to use ProteMac LoginTrap (protemac.com)

TAB-NAPPING

Submitted by LDK/Anonymous (not verified) on March 19, 2011 - 3:41pm.

Thank you for confirming my OWN THOUGHTS on my own SMART PHONE,  DROID 2...This has caused me SO many Problems..I first picked it up at a REAL site askLAWYERS.com  but we blink, then I guess i got slamed with a EMAIL site instead asking for Credit card INFO..but I noticed the little GLOBE wasnt spinning on top. so Checked out LOWER Veri check,  BUT addreses didnt match. So I LOOKED at that address.  at the time I just thought AKAMIA is a strange name. But again this happened at NORTHwESTRN MEMORIAL HOSP,in EVANSTON ILL. Just like now wasting so much time trying to e..rase a letter this problem is driving me nuts...on this VERISON/MOTOROLA/COMUNNIST CHINA PHONE.   They kept DENIKYING a cell phone couldnt get a VIRUS or SOMETHING is PHINPHISHING my Facebook over over again..WHY, then at the Hosp site, it swithch while I must of BLINMED, so again I checked site..again...AKAMIA,,then it dawn on me this is their calling card..AKA..AS KNOWN AS, then MIA/ MISSING IN ACTION.  Ive tried to  past this on to SAn Fran POLICE, Google out there,+ AskLAWYER .com, VERISON is putting pressure on me to just turn in my cell, But can the PROBLEM come with me on my MEMORY CARD??? I need help on this phone,please. When I first used it, it had a letter/mail with a HAMMER & cyckle on it!! PLus RUSSIAAN writting..why??  Do you know of anything..iis this how messages are passed over the ocean, and I got the WRONG CELL? I have seen  BIBLICAL STUFF , thev PALESTENIENS will take over and enter the land with  BO....& M...cant remember the names right now,with Computor code inbetween these other words in ENGLISH..plus ever time I write a very llong  Email, it disappears..so sendind off before again Im frustrated... HELP with this DROID 2...is any one else  having or speaking uP I toldVERISON , since you have most of the TOWERS,maybe COMMUNIST CHINA wants usa people to get MAD at your phones to lower stock $ to take over companies. Aslo Motorola..puttong pressureon USA companies do DO IT THEIR COMMINIST way or they play dirty???  5het want usa ..

..L

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd><p><br><blockquote>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.