Tabnabbing: Beware of New Type of Phishing Attack

Tabnabbing - New Type of Phishing Attack :

Tabnabbing is using the same phishing concepts which we were using previously. But, there are slight changes made to our conventional Phishing method.

Requirements for attack:

- The attacker must have a website.
- The attacker has to embed javascript file(necessary for phishing) in his website.
- Tabnabbing implements multi-tabbing advantage. So, user must browse with multiple tabs.

How Tabnabbing works???

- The user visits the attacker site which looks normal at first.
- The user switches from this attacker site tab and opens another site in new tab, leaving this attacker site tab open. Assume that user opens many tabs.
- While the user browses another site, the attacker site which is left open in previous tab changes or redirects itself to a phishing page say Gmail login.
- Now, when the user returns back to this tab, he may not remember exactly which site he had opened. He will now see fake Gmail login and will think that he has left this Gmail login tab open.
So, now, without checking out url of the site, the user is most probable of logging in to his account.
- Once he enters his login userid and password in our phisher, this information is sent to our inbox or any online account. Thus, his account hacked using this Tabnabbing. 



Post a Comment