Your browser is obsolete!

The page may not load correctly.

  • add to favourites
    Add to Bookmarks

Close the tabs as you leave

Read: 22677 Comments: 2 Rating: 12

Friday, March 16, 2018

Browser tabs are a very convenient feature: you can switch between tabs instead of opening a page over and over again. But the number of opened tabs can grow over time and reach 100 or even more.

In this case many tabs opened long ago linger for months or even years without anyone visiting them. So it's hardly surprising that the design of the pages being loaded in these tabs may change during that time.

That’s to be fully expected, right?

  1. The attacker lures the user onto their site, one that looks exactly the way the user expects it to.
  2. The attacker determines that the user hasn't performed any actions on the page for quite some time or has probably even switched to a different tab.
  3. While the tab is inactive, its favicon is replaced by that of a site whose page the attacker needs to fake.
  4. The page's content is altered to display a sign-in box on the fake website.
  5. When the user returns to the tab, they are likely to enter their login and password without thinking.
  6. Once the credentials are hijacked, the user can easily be redirected to the legitimate site since they have already signed in there and will be expecting to see just that.

https://habrahabr.ru/post/236387

This phishing technique is called Tabnabbing. Like other phishing attacks, it takes advantage of the user’s trust and inattention. The above scheme is used to steal logins and passwords—essentially, it involves adding new elements to a webpage. But attackers can use this technique for other purposes.

They don't have to perform step 3 and replace the icon. They can just wait a while and replace a site's content.

A demonstration and comments can be found here. Open the link and then switch to a different tab for as little as five seconds. And here is one more thing worth considering:

This deception technique has one flaw—the URL in the address bar will be different. But do we always pay attention to it? Besides, with the advent of internationalised domain names using Unicode, one can use characters from a different alphabet or script to fake an URL.

http://www.znm.ru/tabnabbing-novyj-vid-fishinga-193

#browser #site #phishing #JavaScript

The Anti-virus Times recommends

The attacker determines that the user hasn't performed any actions on the page for quite some time or has probably even switched to a different tab. JavaScript code is used for this purpose. The code can be deployed beforehand or after the user has loaded the page in their browser. Therefore:

  • Maintain your vigilance!
  • Close unused tabs.
  • Remember what your anti-virus does—it checks all running scripts.
  • Enable the Parental Control—it prevents browsers from loading dubious content.
  • Don't forget to disable JavaScript on the pages you are opening.

[Twitter]

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments