Interesting Phishing Concept Tabjacking - gHacks Tech News

Interesting Phishing Concept Tabjacking

By now most Internet users know what phishing stands for, or so they think. If you ask them to define phishing most will likely mention that it is about fake email links that lead to look-a-like copies of popular websites.

What most users do not know is that their definition of phishing is not entirely correct. Phishing, which stands for Password fISHING, is not exclusive to email. The term hints at that little known fact. Phishing can occur everywhere including Instant Messengers, forums, by social engineering, in the search results or on plain websites.

Aza Raskin just posted an interesting article on his blog detailing a new phishing attack that he calls Tabjacking. The concept of this new attack is ingenious.

It basically refers to a website that is changing its look and feel to a fake website after some time of inactivity. Here is how it works.

The web user visits a harmless looking site and decides to keep it open in a tab for the time being. A JavaScript code on the page notices that and replaces the site's favicon and title with a popular site's one. This could be Facebook, Gmail or any other popular website that the user likely uses.

The website itself will also change its contents so that it looks like the website that the attacker wants to steal login credentials for.

Many users identify websites in tabs by their favicon and title. This could lead to the user believing that the site is indeed the real website. Clicking on the tab displays what the user expects to see as the copy looks exactly like the original.

For Gmail it would for instance be the Gmail login form. Users who enter their login credentials into the form will send them right to the attacker. The script on the website will redirect the user to the real website in the end.

There are obviously a few elements left that the user can use to identify the attack. The url for instance will not reflect the website that is displayed to the user. It is also likely that the site will not make use of https.

Take a look at Aza's blog post for additional information about the attack including codes, fixes and lots of user comments.

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. kalmly said on May 26, 2010 at 3:52 pm
    Reply

    Aza’s blog post link gave me 403 error:
    Forbidden
    You don’t have permission to access /blog/posta-new-type-if-phishing-attack/ on this server.

  2. Tobey said on May 28, 2010 at 10:57 am
    Reply

    Ingeniously dangerous concept indeed. Thanks for the heads up.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.