Researcher Finds New Type of Phishing Attack

A researcher has found a new method for carrying out phishing attacks “that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab,” according to ThreatPost.

The attack, discovered by Aza Raskin of Mozilla, relies on users visiting an attacker-controlled, infected website. When the user visits the infected website, it reads what other tabs the user has opened in the browser and changes itself to look like a selected page.

Raskin demonstrates the attack on his own website, where the page alters itself to appear as the login page for Google. The same technique could be used against banking websites and similar services to steal login and account information.

“As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open,” Raskin writes. “When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.”

© 2015 ExecutiveBiz. All rights reserved.