Close the tabs as you leave
Friday, March 16, 2018
Browser tabs are a very convenient feature: you can switch between tabs instead of opening a page over and over again. But the number of opened tabs can grow over time and reach 100 or even more.
In this case many tabs opened long ago linger for months or even years without anyone visiting them. So it's hardly surprising that the design of the pages being loaded in these tabs may change during that time.
That’s to be fully expected, right?
- The attacker lures the user onto their site, one that looks exactly the way the user expects it to.
- The attacker determines that the user hasn't performed any actions on the page for quite some time or has probably even switched to a different tab.
- While the tab is inactive, its favicon is replaced by that of a site whose page the attacker needs to fake.
- The page's content is altered to display a sign-in box on the fake website.
- When the user returns to the tab, they are likely to enter their login and password without thinking.
- Once the credentials are hijacked, the user can easily be redirected to the legitimate site since they have already signed in there and will be expecting to see just that.
This phishing technique is called Tabnabbing. Like other phishing attacks, it takes advantage of the user’s trust and inattention. The above scheme is used to steal logins and passwords—essentially, it involves adding new elements to a webpage. But attackers can use this technique for other purposes.
They don't have to perform step 3 and replace the icon. They can just wait a while and replace a site's content.
A demonstration and comments can be found here. Open the link and then switch to a different tab for as little as five seconds. And here is one more thing worth considering:
This deception technique has one flaw—the URL in the address bar will be different. But do we always pay attention to it? Besides, with the advent of internationalised domain names using Unicode, one can use characters from a different alphabet or script to fake an URL.
The Anti-virus Times recommends
The attacker determines that the user hasn't performed any actions on the page for quite some time or has probably even switched to a different tab. JavaScript code is used for this purpose. The code can be deployed beforehand or after the user has loaded the page in their browser. Therefore:
- Maintain your vigilance!
- Close unused tabs.
- Remember what your anti-virus does—it checks all running scripts.
- Enable the Parental Control—it prevents browsers from loading dubious content.
- Don't forget to disable JavaScript on the pages you are opening.
Tell us what you think
To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.
Comments
Неуёмный Обыватель
23:55:20 2018-07-27
vasvet
07:06:48 2018-07-17