Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Devious New Phishing Tactic Targets Tabs

24 May 2010   #1
Corrine

Windows 7 & Windows Vista Ultimate
 
 
Devious New Phishing Tactic Targets Tabs

Quote:
Consider the following scenario: Bob has six or seven tabs open, and one of the sites he has open (but not the tab currently being viewed) contains a script that waits for a few minutes or hours, and then the script quietly changes the both the content of the page and the icon and descriptor in the tab itself so that it appears to be the login page for Gmail.

In this attack, the phisher need not even change the Web address displayed in the browser’s navigation toolbar. Rather, this particular phishing attack takes advantage of user trust and inattention to detail, or what Raskin calls “the perceived immutability of tabs.” Then, as the user scans their many open tabs, the favicon and title act as a strong visual cue, and the user will most likely simply think they left a Gmail tab open.

“When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack prays on the perceived immutability of tabs,” Raskin explained. “After the user has enter they have entered their login information and sent it back your your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.”
See the complete article by Brian Krebs at Devious New Phishing Tactic Targets Tabs — Krebs on Security


My System SpecsSystem Spec
.

24 May 2010   #2
malexous

Arch Linux 64-bit
 
 

Something that might have even tricked me. Thanks for the heads up.
My System SpecsSystem Spec
24 May 2010   #3
smsff7

Windows 7 Pro X64
 
 

Good thing I use outlook. So I know whats up if this were to ever happen to me
My System SpecsSystem Spec
.


03 Jun 2010   #4
kucing13

 

I rarely use gmail. Unless there's a fake Yahoo mail.. I'm gonna be cautious
My System SpecsSystem Spec
03 Jun 2010   #5
Thorsen

Win7 Home Premium 64x
 
 

Quote   Quote: Originally Posted by kucing13 View Post
I rarely use gmail. Unless there's a fake Yahoo mail.. I'm gonna be cautious

Quote from link: "It’s important to keep in mind that this attack could be used against any site, not just Gmail. "

Edit: reiteration: This could be any site...not just email....

I would be cautious.... Although the javascript is ran from the attack-site so you would need to be surfing in dangerous waters first. Just be on Gaurd or change surfing habits to close pages and re-open from bookmarks whenever logging in.


Thanks Corrine for info!
My System SpecsSystem Spec
03 Jun 2010   #6
kucing13

 

I guess i've missed that.. Thanks for the heads up thorsen
My System SpecsSystem Spec
04 Jun 2010   #7
wee

XP/W7/Lucid/Arch
 
 

This is a classic social engineering trick, you have to be aware of this. If you had a open tab that was logged into whatever and it suddenly shows you to be logged out that should be a big red flag. using explorer is less protection as well you need a flash blocker for the best safety, and FF provides some of the best addons for overall safety, if set up correctly.
My System SpecsSystem Spec
Reply

 Devious New Phishing Tactic Targets Tabs




Thread Tools





Similar help and support threads
Thread Forum
New scam tactic: Fake disk defraggers
If they can't get you one way, they'll try it another way...... Read more: New scam tactic: Fake disk defraggers | InSecurity Complex - CNET News
Security News
New Phishing Scam Targets Verizon Online Customers
July 2, 2010 Verizon Online has been made aware of a new phishing scam targeting Verizon customers. This scam attempts to lure customers to a fraudulent web site to input personal information and/or download virus infected programs. Verizon will never ask you to provide or verify personal...
Security News
Phishing Attack Targets Merchant Accounts
As the Holiday season starts out, phishers and scammers have wasted no time in their quest for financial gain. The best rules that apply to a safe holiday online shopping season are: Be cautious, make sure your AV/Spyware defs are up to date, and the most powerful weapon...common sense. (If it's...
Security News
Devious New Phishing Tactic Targets Tabs
Devious New Phishing Tactic Targets Tabs Many Internet users know what a regular phishing attack looks like, where an email comes in with a link asking you to click it and enter your credentials into a fake site meant to steal that info. What about a sneaky one that exploits user inattention to...
System Security
NOT svchost.exe but something a little more devious
Hi guys, I've had problems with svchost.exe before, but now I am getting my RAM stolen by svchstx.exe. Its taking anywhere from 50% - 95%. I personally have never seen svchstx.exe at all before this, but if anyone could tell me what it controls or what it does, I may be able to fix it. :S ...
Performance & Maintenance
Phishing scam targets users of Adobe PDF Reader.
Source - Phishing scam targets users of Adobe PDF Reader - Network World
Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 14:24.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App