How does phishing work?
The term phishing is a variant of "fishing" and refers to the technique of tricking users into believing they are on a familiar Web page in order to steal their confidential information, login details, etc.
Why bother finding programming bugs when a computer's most vulnerable point is the user? This is what many criminal groups are thinking, and every day they find new ways to make users take the bait.
New phishing techniques: Tabnabbing.
Tabnabbing is a new phishing technique first documented in May 2010. It is really interesting as it shows how Internet users' habits are studied by cyber-criminals.
Tabnabbing consists of exploiting the tabbed browsing system in modern browsers to make users believe they are on a familiar Web page such as Gmail, Hotmail or Facebook, and then stealing their passwords.

- Criminals trick users (using spam, etc.) into visiting an infected Web page.
- From this page, the criminals can then detect any open-but-not-active pages in the browser and use a JavaScript command to rewrite that page's title, content and favicon, so it now appears to be the login page of a familiar service, such as Gmail or Hotmail.
- Users often keep many tabs open, and when they see the (fake) Gmail page, they may not remember whether they accessed it themselves previously and simply think that the login page has appeared because the previous session has timed out.
- After users enter their login credentials in the fake page, the data is stored and they can be redirected to the genuine page.
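One way a defender could check for the behaviour in the list above, as an added example that is not part of the original page: compare what a tab showed when it lost focus with what it shows when it regains focus. The event format, function name and sample data are assumptions constructed for illustration.

```javascript
// Added example: flag tabs whose identity changed while in the background.
// The event shape is an assumption; a browser extension or test harness
// would supply the real observations.
function detectTabnabbing(events) {
  const hiddenState = new Map(); // tabId -> state seen when the tab lost focus
  const alerts = [];
  for (const ev of events) {
    if (ev.type === "hidden") {
      hiddenState.set(ev.tabId, ev);
    } else if (ev.type === "visible" && hiddenState.has(ev.tabId)) {
      const before = hiddenState.get(ev.tabId);
      hiddenState.delete(ev.tabId);
      const changed = [];
      if (before.title !== ev.title) changed.push("title");
      if (before.favicon !== ev.favicon) changed.push("favicon");
      if (!before.hasPasswordField && ev.hasPasswordField) {
        changed.push("login form appeared");
      }
      // A title change alone is normal (unread counters). Title plus favicon,
      // or a login form that appeared while hidden, matches the pattern above.
      const suspicious =
        changed.includes("login form appeared") ||
        (changed.includes("title") && changed.includes("favicon"));
      // The address does not change when a page rewrites itself, so report
      // the URL for the user to compare with the brand shown.
      if (suspicious) alerts.push({ tabId: ev.tabId, url: ev.url, changed });
    }
  }
  return alerts;
}

// Constructed sample observations (not real traffic).
const sampleEvents = [
  { tabId: 1, type: "hidden", url: "http://news.example.test/story",
    title: "Daily News", favicon: "/favicon.ico", hasPasswordField: false },
  { tabId: 2, type: "hidden", url: "https://mail.example.test/inbox",
    title: "Inbox (2)", favicon: "/mail.ico", hasPasswordField: false },
  { tabId: 1, type: "visible", url: "http://news.example.test/story",
    title: "Webmail: Sign in", favicon: "/img/webmail.ico", hasPasswordField: true },
  { tabId: 2, type: "visible", url: "https://mail.example.test/inbox",
    title: "Inbox (3)", favicon: "/mail.ico", hasPasswordField: false },
];

for (const a of detectTabnabbing(sampleEvents)) {
  console.log(`tab ${a.tabId} (${a.url}) changed while hidden: ${a.changed.join(", ")}`);
}
```

Only tab 1 is reported: the webmail tab's unread counter changes its title, but its favicon and form content stay the same.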
Through quite a variety of ways: by browsing the Web, via an infected email, downloading programs via P2P networks, etc.
In general, bots are not noticed by infected users, who only tend to see the consequences. They are normally designed to steal information from computers in the botnet, attack other victims, send out spam, and launch phishing or denial of service attacks.