Tabnabbing – a new phishing attack

A perfect find to complement Lesson 0021, Secure Browsing Part 2 – Risks, which we’ll publish this weekend. Notice that this attack relies on ordinary JavaScript running in the page, which we’ll discuss in Lesson 0021, and which Tor Browser lets you disable as a security measure (the NoScript add-on extension).

Here is the article and the author…

http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

The web is a generative and wild place. Sometimes I think I missed my calling; being devious is so much fun. Too bad my parents brought me up with scruples.

Most phishing attacks depend on an original deception. If you detect that you are at the wrong URL, or that something is amiss on a page, the chase is up. You’ve escaped the attackers. In fact, the time that wary people are most wary is exactly when they first navigate to a site.

What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise.

How The Attack Works

  1. A user navigates to your normal looking site.
  2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
  3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-alike. This can all be done with just a little bit of JavaScript that takes place instantly.
  4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
  5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

I dub this new type of phishing attack “tabnabbing”.
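The steps above describe the attack from the attacker's side. As an added example from the defender's side (this is not code from the original post or from Raskin's article), the block below models two checks a browser extension or password manager could apply against it: a tab whose title or favicon changes while it is hidden, without any navigation, has altered its identity cues behind the user's back; and a saved credential should only be filled in when the page's origin exactly matches the origin it was saved for, so a look-alike login page served from another site gets nothing. The snapshot records, the `.test` hostnames and the record format are constructed for the example; a real extension would collect equivalent data from the browser's tabs API, which is not wired up here.

```javascript
// Added defensive example, not part of the original post. It models checks
// against the tabnabbing technique: (1) flag tabs whose title or favicon
// changed while hidden without navigating, and (2) refuse to autofill a
// credential unless the page origin matches the origin it was saved for.
// SAMPLE_SNAPSHOTS is constructed sample data in an assumed record format
// {tabId, t, url, title, favicon, visible}; a real extension would build
// such records from the browser's tabs API (hypothetical wiring, not shown).

const SAMPLE_SNAPSHOTS = [
  // Tab 1: the user's real Gmail tab; nothing changes while it is hidden.
  { tabId: 1, t: 0,  url: "https://mail.google.com/mail/u/0/", title: "Inbox - Gmail", favicon: "https://mail.google.com/favicon.ico", visible: true },
  { tabId: 1, t: 60, url: "https://mail.google.com/mail/u/0/", title: "Inbox - Gmail", favicon: "https://mail.google.com/favicon.ico", visible: false },
  // Tab 2: an innocuous-looking page that rewrites its cues after losing focus.
  { tabId: 2, t: 5,  url: "https://example-blog.test/post", title: "Example Blog", favicon: "https://example-blog.test/favicon.ico", visible: true },
  { tabId: 2, t: 10, url: "https://example-blog.test/post", title: "Example Blog", favicon: "https://example-blog.test/favicon.ico", visible: false },
  { tabId: 2, t: 70, url: "https://example-blog.test/post", title: "Gmail: Email from Google", favicon: "https://mail.google.com/favicon.ico", visible: false },
  // Tab 3: a legitimate navigation while hidden; the URL changed too, so it is not flagged.
  { tabId: 3, t: 5,  url: "https://shop.test/checkout", title: "Checkout", favicon: "https://shop.test/favicon.ico", visible: false },
  { tabId: 3, t: 12, url: "https://shop.test/receipt", title: "Receipt", favicon: "https://shop.test/favicon.ico", visible: false },
];

// Flag each tab where, between two consecutive hidden observations of the
// same URL, the title or favicon changed: the document altered its identity
// cues without navigating and without the user looking at it.
function findTabnabbingCandidates(snapshots) {
  const byTab = new Map();
  for (const s of [...snapshots].sort((a, b) => a.t - b.t)) {
    if (!byTab.has(s.tabId)) byTab.set(s.tabId, []);
    byTab.get(s.tabId).push(s);
  }
  const findings = [];
  for (const [tabId, history] of byTab) {
    for (let i = 1; i < history.length; i++) {
      const prev = history[i - 1];
      const cur = history[i];
      const hiddenThroughout = !prev.visible && !cur.visible;
      const sameDocument = prev.url === cur.url;
      const cueChanged = prev.title !== cur.title || prev.favicon !== cur.favicon;
      if (hiddenThroughout && sameDocument && cueChanged) {
        findings.push({
          tabId,
          url: cur.url,
          oldTitle: prev.title,
          newTitle: cur.title,
          oldFavicon: prev.favicon,
          newFavicon: cur.favicon,
        });
      }
    }
  }
  return findings;
}

// Password-manager style check: fill a saved credential only when the page's
// origin (scheme + host + port) is exactly the origin it was saved for.
// Sub-domain tricks and look-alike pages on other hosts fail this test.
function shouldAutofill(savedOrigin, pageUrl) {
  try {
    return new URL(pageUrl).origin === savedOrigin;
  } catch {
    return false; // unparsable URL: refuse rather than guess
  }
}

console.log(JSON.stringify(findTabnabbingCandidates(SAMPLE_SNAPSHOTS), null, 2));
console.log(shouldAutofill("https://mail.google.com", "https://example-blog.test/post"));
```

Run with `node tabnab-check.js`: the only finding is tab 2, whose title and favicon flipped to Gmail's while the tab was hidden and the URL stayed on `example-blog.test`, and the autofill check returns `false` for that page. The origin comparison is the more robust of the two controls, because it does not depend on observing the change; the visibility heuristic is useful for alerting the user but will also fire on benign pages that update their title while unfocused (a chat app showing an unread count, for instance), so it is a prompt to look at the URL bar, not a block.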

Posted in Level 1 IO, Risk