27 May 2010
New phishing method attacks browser tabs
A new phishing attack has emerged, called tabnabbing, and is threatening internet security for even the most casual web surfer, Mashable reports. What makes tabnabbing so dangerous is its opposite approach used to spread.
In normal phishing scams, cybercriminals get users to click on malicious links that then bring users to malicious pages and ask for information. Tabnabbing, however, creates its own malicious page and hides it in an open browser's tabs to disguise it.
For instance, a user can be looking a page on one tab, while other open tabs link to email and bank accounts. While the user goes about his or her business, the attack loads a new page, but put its over a pre-existing tab and then asks for log-in information. Since the user knew that tab was opened legitimately, he or she might think the page just needs to be reloaded with information. When the user then enters the information, an internet attacker receives it and can then compromise it.
Mashable states that plugins and add-ons are the most common way cybercriminals can access a user's system.
Security firm BitDefender offers an antiphishing module that can increase protection from potential phishing scams.