in

Researcher Finds New Type of Phishing Attack

Researcher Finds New Type of Phishing Attack - top government contractors - best government contracting event
https://executivebiz-media.s3.amazonaws.com/2022/08/19/30/9f/c3/a0/b7/6f/d4/64/Executive-Biz.png

A researcher has found a new method for carrying out phishing attacks “that takes advantage of the way that browsers handle tabbed browsing and enables an attacker to use a script running in one tab to completely change the content in another tab,” according to ThreatPost.

The attack, discovered by Aza Raskin of Mozilla, relies on users visiting a controlled infected website. When the user visits the infected website, it reads what other tabs the user has opened in the browser and changes itself to look like a selected page.

Raskin actually demonstrates it on his website in which the page alters to appear as the login page for Google. The system could also be used in the case of banking websites, etc. to steal login and account information.

“As the user scans their many open tabs, the favicon and title act as a strong visual cue“”memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open,” Rashkin writes. “When they click back to the fake Gmail tab, they'll see the standard Gmail login page, assume they've been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.”

ExecutiveBiz Logo

Sign Up Now! ExecutiveBiz provides you with Daily Updates and News Briefings about Government Cloud

mm

Written by Admin

Army Special Agent Receives Cyber Defender Award - top government contractors - best government contracting event
Army Special Agent Receives Cyber Defender Award
ISP Forced to Pay $807,000 in Spam Case - top government contractors - best government contracting event
ISP Forced to Pay $807,000 in Spam Case