| layout | title | permalink | tags | ||
|---|---|---|---|---|---|
post |
Tab nabbing attack |
/tab_nabbing/ |
|
An ingenious phishing vector: Aza Raskin found a clever way to phish users' credentials. The idea consits of waiting until a visitor switches tabs to replace the favicon and page content with a fake site.
You can try the attack by visiting http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/. After loading the page, switch tabs for a few seconds and then go back to Aza's site.
You can avoid falling for this attack by:
- Always checking the URL before entering a password.
- Closing tabs you no longer need.
- Using your browser's account manager.
- Opening shady websites in a dedicated window, browser or laptop.