Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Devious New Phishing Tactic Targets Tabs

24 May 2010   #1

Windows 7 & Windows Vista Ultimate
 
 
Devious New Phishing Tactic Targets Tabs

Quote:
Consider the following scenario: Bob has six or seven tabs open, and one of the sites he has open (but not the tab currently being viewed) contains a script that waits for a few minutes or hours, and then the script quietly changes the both the content of the page and the icon and descriptor in the tab itself so that it appears to be the login page for Gmail.

In this attack, the phisher need not even change the Web address displayed in the browser’s navigation toolbar. Rather, this particular phishing attack takes advantage of user trust and inattention to detail, or what Raskin calls “the perceived immutability of tabs.” Then, as the user scans their many open tabs, the favicon and title act as a strong visual cue, and the user will most likely simply think they left a Gmail tab open.

“When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack prays on the perceived immutability of tabs,” Raskin explained. “After the user has enter they have entered their login information and sent it back your your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.”
See the complete article by Brian Krebs at Devious New Phishing Tactic Targets Tabs — Krebs on Security

My System SpecsSystem Spec
.

24 May 2010   #2

Arch Linux 64-bit
 
 

Something that might have even tricked me. Thanks for the heads up.
My System SpecsSystem Spec
24 May 2010   #3

Windows 7 Pro X64
 
 

Good thing I use outlook. So I know whats up if this were to ever happen to me
My System SpecsSystem Spec
.


03 Jun 2010   #4

 

I rarely use gmail. Unless there's a fake Yahoo mail.. I'm gonna be cautious
My System SpecsSystem Spec
03 Jun 2010   #5

Win7 Home Premium 64x
 
 

Quote   Quote: Originally Posted by kucing13 View Post
I rarely use gmail. Unless there's a fake Yahoo mail.. I'm gonna be cautious

Quote from link: "It’s important to keep in mind that this attack could be used against any site, not just Gmail. "

Edit: reiteration: This could be any site...not just email....

I would be cautious.... Although the javascript is ran from the attack-site so you would need to be surfing in dangerous waters first. Just be on Gaurd or change surfing habits to close pages and re-open from bookmarks whenever logging in.


Thanks Corrine for info!
My System SpecsSystem Spec
03 Jun 2010   #6

 

I guess i've missed that.. Thanks for the heads up thorsen
My System SpecsSystem Spec
04 Jun 2010   #7
wee

XP/W7/Lucid/Arch
 
 

This is a classic social engineering trick, you have to be aware of this. If you had a open tab that was logged into whatever and it suddenly shows you to be logged out that should be a big red flag. using explorer is less protection as well you need a flash blocker for the best safety, and FF provides some of the best addons for overall safety, if set up correctly.
My System SpecsSystem Spec
Reply

 Devious New Phishing Tactic Targets Tabs




Thread Tools



Similar help and support threads for2: Devious New Phishing Tactic Targets Tabs
Thread Forum
New scam tactic: Fake disk defraggers Security News
New Phishing Scam Targets Verizon Online Customers Security News
Phishing Attack Targets Merchant Accounts Security News
Multiple Tabs in FireFox Creates Multiple Window Tabs Browsers & Mail
Devious New Phishing Tactic Targets Tabs System Security
NOT svchost.exe but something a little more devious Performance & Maintenance
Phishing scam targets users of Adobe PDF Reader. Security News

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 07:18 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33