WARNING: tabbed browser phishing 'tabnagging'

Mr_Oink
Posts: 1,012 Forumite
in Techie Stuff
Friends, a new and scary phishing attack on tabbed browsers that works on inattentiveness and visual cues (the small favicon). Make yourself familiar with 'tagnabbing'.
It works like this. You open a tab to an infected site and leave this open to switch to another tab. In the background the old tab replaces itself with a spoof phishing site. When you scan your tab bar you pick it thinking it's genuine. Here is a harmless example showing the trick with Facebook.
http://www.elblowfly.org.uk/tagnab/
There are lots of variations on the theme and I urge you all to be careful with tabbed browsers checking the actual address matches what your eyes are seeing.
Comments
-
Didn't turn into facebook for me but I will trust you!
-
Yes, it has turned into a lookalike facebook page for me.
Never interrupt your enemy when he is making a mistake.
-
It is not aimed at tabbed browsers specifically. If the window loses focus the timer in the javascript kicks in and 5 secs later changes it to the facebook info.
Simple way to defeat it is to disable javascript.
Full info here on the author's site
This is a system account and does not represent a real person. To contact the Forum Team email forumteam@moneysavingexpert.com
-
That is quite cool. Reminds me of another favicon trick used by SSLstrip - replace the icon with a padlock so users will be tricked into thinking they are on a secure site.
For example, you see Martin's face up in the address bar to the left of http://forums.... ?
Look at this example: It's a non-secure site (not SSL - you can tell by it being http instead of https) and yet it has a padlock:
This discussion has been closed.
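An added example, not part of the thread or of the linked demo: a defensive check for the behaviour described in the comments above, where a page swaps its title and favicon after the window loses focus. The class name `TabIdentityWatch` and the `{title, favicon, url}` view shape are assumptions made for this sketch.

```javascript
// Added example: flag a tab whose identity changed while it was unfocused.

// Copy the cues a user relies on when scanning the tab bar.
function snapshot(view) {
  return { title: view.title, favicon: view.favicon, url: view.url };
}

class TabIdentityWatch {
  // readView: callback returning the current {title, favicon, url}
  constructor(readView) {
    this.readView = readView;
    this.atBlur = null;
  }
  onBlur() {
    this.atBlur = snapshot(this.readView());
  }
  // Returns {changed: [...], suspicious: bool} for the time spent unfocused.
  onFocus() {
    if (this.atBlur === null) return { changed: [], suspicious: false };
    const now = snapshot(this.readView());
    const changed = Object.keys(now).filter((k) => now[k] !== this.atBlur[k]);
    this.atBlur = null;
    // Title-only changes are common (unread counters). A new favicon or
    // URL while nobody was looking is the pattern worth flagging.
    const suspicious = changed.includes('favicon') || changed.includes('url');
    return { changed, suspicious };
  }
}

// Browser wiring; skipped when run outside a browser (e.g. under Node).
// In-page script only sees in-place changes, not a full navigation.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const watch = new TabIdentityWatch(() => {
    const icon = document.querySelector('link[rel~="icon"]');
    return {
      title: document.title,
      favicon: icon ? icon.href : '',
      url: location.href,
    };
  });
  window.addEventListener('blur', () => watch.onBlur());
  window.addEventListener('focus', () => {
    const result = watch.onFocus();
    if (result.suspicious) {
      console.warn('Tab changed while unfocused:', result.changed.join(', '));
    }
  });
}
```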