Wednesday, March 16, 2011

New phishing technique exploits browser tab use

According to SC Magazine, a leading Firefox developer has discovered a new phishing attack method called tabnabbing. Tabnabbing relies on the fact that users generally do not keep track of all the tabs they have open in the browser at one time. It allows the attacker to silently change the contents, name and logo of a page in a separate tab, so that when the user eventually returns to the tab it resembles a site such as Gmail or Facebook. In this new phishing attack, a user might be tricked into visiting a maliciously crafted page that includes JavaScript. What victims do not expect is that a page they have been looking at will change behind their backs when they are not looking, so the phisher catches them by surprise. Besides this, an attacker could make the phishing ruse even more clever and skilful by taking advantage of the user's web browsing history file. The attacker is also able to display a message that the user's session has timed out, thereby adding legitimacy to the attack.

Users should check the URL of a site carefully if an unexpected login screen for any webmail, bank or online commerce site appears, because there is no indication that the page has changed. Last but not least, users can consider running the NoScript add-on for Mozilla Firefox, or they can deploy a password management tool, which should not make saved logins available for use at malicious sites.
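The password-manager advice above works because saved logins are matched to the page's origin rather than to what the tab looks like. The sketch below is an added example, not taken from the SC Magazine article or from any particular password manager; the vault entries, host names and function names are constructed for illustration.

```javascript
// Added example: origin-bound credential lookup, the check that keeps a
// password manager from filling a saved login into a look-alike page.
// All hosts and vault entries below are constructed sample data.

const VAULT = [
  { origin: "https://mail.example.com", username: "alice" },
  { origin: "https://bank.example.net", username: "alice01" },
];

// Normalise a page address to scheme://host[:port]; returns null when the
// address cannot be parsed or is not HTTPS (never fill over plain HTTP).
function pageOrigin(address) {
  let url;
  try {
    url = new URL(address);
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null;
  return url.origin; // userinfo, path, query and fragment are discarded
}

// Offer saved logins only on an exact origin match. The tab title, favicon
// and page content are never consulted: those are what a tabnabbing page
// rewrites while the tab is in the background.
function loginsFor(address, vault = VAULT) {
  const origin = pageOrigin(address);
  if (origin === null) return [];
  return vault.filter((entry) => entry.origin === origin);
}

// Constructed addresses a user might see in a tab that now shows a login form.
const SAMPLES = [
  "https://mail.example.com/login?timeout=1",      // genuine site
  "https://mail.example.com.attacker.test/login",  // real name used as a subdomain prefix
  "https://mail.example.com@attacker.test/login",  // real name placed in the userinfo part
  "http://mail.example.com/login",                 // right host, no TLS
  "https://blog.attacker.test/article#mail.example.com",
];

function report(samples = SAMPLES) {
  return samples.map((a) => ({ address: a, offered: loginsFor(a).length }));
}

for (const row of report()) {
  console.log(row.offered ? "FILL " : "BLOCK", row.address);
}
```

Only the first sample address is offered a saved login; the others show the same login form to the eye but resolve to a different origin, which is the same comparison a user makes by hand when checking the URL.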
