A new method for phishing - Tabnabbing
D-SWAT
Aza Raskin, Mozilla's Creative Lead for Firefox, discovered a new method for phishing and published it on his site: http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
A traditional phishing attack typically works like this: an e-mail asks you to click on a link and enter your account and password, or other personal information, at the resulting site. The new method, called "tabnabbing", instead uses JavaScript to alter the content of a page that is open in a browser tab once the page has lost focus and has not been interacted with for a while.
Raskin posted on his blog: Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You've escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site. What we don't expect is that a page we've been looking at will change behind our backs, when we aren't looking. That'll catch us by surprise.
A video demonstrating "tabnabbing" can also be found on Raskin's blog.
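The behaviour described above can be watched for from the defender's side. The following is an added example, not code from Raskin's post or from DrayTek: it flags changes to a page's title, favicon or login form that happen while the tab is hidden. The event shape, field names and sample timelines are assumptions constructed for illustration.

```javascript
// Added example: detect page-identity changes made while a tab is hidden.
// In a browser the events would come from `visibilitychange` and a
// MutationObserver; here they are plain objects (assumed shape) so it runs in Node.
const WATCHED = ["title", "favicon", "hasPasswordField"];

function watchTab(initial, events) {
  let seen = { ...initial };    // identity the user last had in view
  let current = { ...initial }; // identity the page has right now
  let hiddenAt = null;          // timestamp (ms) when the tab lost focus
  const alerts = [];

  for (const ev of events) {
    if (ev.type === "mutate") {
      current = { ...current, ...ev.patch };
      if (hiddenAt === null) seen = { ...current }; // changed in front of the user
    } else if (ev.type === "hidden") {
      if (hiddenAt === null) hiddenAt = ev.t;
    } else if (ev.type === "visible" && hiddenAt !== null) {
      const changed = WATCHED.filter((k) => seen[k] !== current[k]);
      if (changed.length > 0) {
        // A title-only change is common (unread counters); a login form or a
        // new favicon appearing out of view matches the tabnabbing pattern.
        const severity =
          changed.includes("hasPasswordField") || changed.includes("favicon")
            ? "high" : "low";
        alerts.push({ t: ev.t, hiddenForMs: ev.t - hiddenAt, changed, severity });
      }
      seen = { ...current };
      hiddenAt = null;
    }
  }
  return alerts;
}

// Constructed sample timelines (not captured data).
const start = { title: "Recipe blog", favicon: "/favicon.ico", hasPasswordField: false };
const suspicious = [
  { t: 0, type: "hidden" },
  { t: 45000, type: "mutate",
    patch: { title: "Webmail - Sign in", favicon: "/mail.ico", hasPasswordField: true } },
  { t: 90000, type: "visible" },
];
const benign = [
  { t: 0, type: "hidden" },
  { t: 5000, type: "mutate", patch: { title: "(1) Recipe blog" } },
  { t: 9000, type: "visible" },
];

console.log(watchTab(start, suspicious), watchTab(start, benign));
```

The title-only case is kept as a low-severity alert rather than dropped, since legitimate pages update their titles in the background and a reviewer needs to tell the two apart.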
References:
http://isc.sans.org/diary.html?storyid=8854
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
http://www.security.nl/artikel/33401/1/Duivelse_nieuwe_phishingaanval_gebruikt_tabs.html
http://news.softpedia.com/news/Mozilla-Expert-Describes-New-Phishing-Method-142980.shtml
The information from DrayTek Corp.
About DrayTek
DrayTek Corp., founded in 1997, is a global provider of comprehensive network security, remote access and VoIP solutions for residential/small office and Small and Medium Enterprises (SME) use. To meet the needs of customers for quality and cost-effectiveness, DrayTek, with technologies integrated with real-time Anti-Virus/Anti-Intrusion system, VPN, VoIP and xDSL broadband access, has successfully delivered total network protection worldwide. For more information, please visit the company's website at http://www.draytek.com.
Press Contact:
DrayTek Marketing Dept. press@draytek.com