Researcher Finds New Type of Phishing Attack

A researcher has found a new method for carrying out phishing attacks “that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab,” according to ThreatPost.

The attack, discovered by Aza Raskin of Mozilla, relies on users visiting an infected website that the attacker controls. When the user visits that website, it reads which other tabs the user has open in the browser and changes itself to look like a selected page.

Raskin demonstrates the attack on his own website, where the page alters itself to appear as the Google login page. The same technique could be used against banking and other websites to steal login and account information.

“As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open,” Raskin writes. “When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.”
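
The cue Raskin describes, a tab whose title and favicon change while the user is looking elsewhere, can be checked for mechanically. The following JavaScript is an added example, not code from Raskin or the article; the event stream, its field names and the counter-stripping rule are assumptions made for illustration.

```javascript
// Added example: flag tabs whose title AND favicon both change while hidden.
// The event shape (t, tab, type, ...) is hypothetical; a real feed would come
// from browser or endpoint telemetry.

// Constructed sample events for two tabs (not real data).
const SAMPLE_EVENTS = [
  { t: 0, tab: 1, type: "load", title: "Cooking Blog", favicon: "https://blog.example/favicon.ico" },
  { t: 0, tab: 2, type: "load", title: "Inbox (3)", favicon: "https://mail.example/favicon.ico" },
  { t: 5, tab: 1, type: "visibility", hidden: true },
  { t: 10, tab: 2, type: "visibility", hidden: true },
  { t: 40, tab: 2, type: "identity", title: "Inbox (4)", favicon: "https://mail.example/favicon.ico" },
  { t: 65, tab: 1, type: "identity", title: "Gmail: Email from Google", favicon: "https://blog.example/g.ico" },
  { t: 90, tab: 1, type: "visibility", hidden: false },
];

// Unread counters such as "(3)" change legitimately in background tabs,
// so strip them before comparing titles.
function normaliseTitle(title) {
  return title.replace(/\(\d+\)/g, "").replace(/\s+/g, " ").trim().toLowerCase();
}

function findHiddenIdentityChanges(events) {
  const tabs = new Map(); // tab id -> { hidden, title, favicon }
  const alerts = [];
  for (const ev of [...events].sort((a, b) => a.t - b.t)) {
    const state = tabs.get(ev.tab) || { hidden: false, title: "", favicon: "" };
    if (ev.type === "load") {
      Object.assign(state, { hidden: false, title: ev.title, favicon: ev.favicon });
    } else if (ev.type === "visibility") {
      state.hidden = ev.hidden;
    } else if (ev.type === "identity") {
      const titleChanged = normaliseTitle(ev.title) !== normaliseTitle(state.title);
      const iconChanged = ev.favicon !== state.favicon;
      // Both cues swapped while nobody was looking: the pattern in the quote.
      if (state.hidden && titleChanged && iconChanged) {
        alerts.push({ tab: ev.tab, at: ev.t, from: state.title, to: ev.title });
      }
      state.title = ev.title;
      state.favicon = ev.favicon;
    }
    tabs.set(ev.tab, state);
  }
  return alerts;
}

console.log(findHiddenIdentityChanges(SAMPLE_EVENTS));
```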

© 2014 ExecutiveBiz. All rights reserved.