Researcher Finds New Type of Phishing Attack

A researcher has found a new method for carrying out phishing attacks “that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab,” according to ThreatPost.

The attack, discovered by Aza Raskin of Mozilla, relies on users visiting an infected website under the attacker's control. When the user visits that website, it reads what other tabs the user has open in the browser and changes itself to look like a selected page.

Raskin demonstrates the attack on his own website, where the page changes to look like the login page for Google. The same technique could also be used against banking and other websites to steal login and account information.

“As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open,” Raskin writes. “When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.”
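
A detection sketch for the behaviour described above, added here as an example and not code from Raskin or ThreatPost: it flags tabs whose title and favicon both changed while the tab was in the background. The event log format, field names and sample events are assumptions constructed for this example.

```javascript
// Constructed sample: per-tab events as a monitoring extension might log them.
// The field names (tab, type, title, favicon) are assumptions for this example.
const SAMPLE_EVENTS = [
  { tab: 1, type: "load", title: "Cute cats blog", favicon: "https://blog.example/cat.ico" },
  { tab: 2, type: "load", title: "News", favicon: "https://news.example/n.ico" },
  { tab: 3, type: "load", title: "Chat", favicon: "https://chat.example/c.ico" },
  { tab: 1, type: "hidden" },
  { tab: 3, type: "hidden" },
  { tab: 1, type: "mutate", title: "Gmail: Email from Google", favicon: "https://blog.example/mail.ico" },
  { tab: 2, type: "mutate", title: "(1) News", favicon: "https://news.example/n.ico" },
  { tab: 3, type: "mutate", title: "(2) Chat", favicon: "https://chat.example/c.ico" },
  { tab: 1, type: "visible" },
  { tab: 3, type: "visible" },
];

// Compare what the user last saw in a tab with what it shows when they return.
function findBackgroundRewrites(events) {
  const state = new Map(); // tab id -> { title, favicon, hidden, snapshot }
  const findings = [];
  for (const ev of events) {
    const s = state.get(ev.tab) || { title: null, favicon: null, hidden: false, snapshot: null };
    state.set(ev.tab, s);
    if (ev.type === "load" || ev.type === "mutate") {
      s.title = ev.title;
      s.favicon = ev.favicon;
    } else if (ev.type === "hidden") {
      s.hidden = true;
      s.snapshot = { title: s.title, favicon: s.favicon }; // the visual cue the user remembers
    } else if (ev.type === "visible" && s.hidden) {
      s.hidden = false;
      const changed = ["title", "favicon"].filter((k) => s.snapshot[k] !== s[k]);
      if (changed.length > 0) {
        findings.push({
          tab: ev.tab,
          changed,
          // Title-only changes are common (unread counters); both together is the pattern above.
          severity: changed.length === 2 ? "high" : "low",
          before: s.snapshot,
          after: { title: s.title, favicon: s.favicon },
        });
      }
    }
  }
  return findings;
}

console.log(JSON.stringify(findBackgroundRewrites(SAMPLE_EVENTS), null, 2));
```

Tab 2 is never flagged because its title changed while the user was looking at it; only changes made out of sight are compared against the snapshot.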
