Tabnabbing - A New Type of Phishing Attack

So far in this blog i have explained about Phishing attacks in detail , I have written articles on How you can hack Face book , GMail or any other email account by using a Phisher (fake page ) , If your new to the concept of Phishing i would recommend you to read the following articles before reading this one


In this article i'll explain a new phishing technique called as "Tabnabbing" Which is getting very popular now a days


What is Tabnabbing ? 
Tabnabbing is a new type of  phishing attack. It basically refers to a website that is changing its look and feels to a fake website after some time of inactivity. It is about a page we’ve been looking at, but will change behind our backs, when we aren’t looking

How The Attack Works ?

A user navigates to a normal looking website. A custom code detects when the page has lost its focus and hasn’t been interacted with for a while. The favicon gets replaced with that of GMail (or any other website), while the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.

As the user scans their many open tabs, the favicon and title can easily fool the user to simply think he left a Gmail tab open. When he clicks back to the fake Gmail tab, he’ll see the standard Gmail login page, assume he has been logged out, and provide his credentials to log in. The attack preys on the perceived immutability of tabs.

After the user has entered their login information ,He is redirect to Gmail.as in Normal Phishing attack

Demonstration of a Tabnabbing Attack 




Commonly Targeted Web sties  

These attacks are commonly  target towards Online Banking websites , But why Online Banking websites ?All most all banking  websites have a security feature in which " If you have logged into your online Banking account and left it idle for a few minutes, it  automatically logs you out as a precaution " .Due to this feature Tabnabbing is very  handy in attacking users of online banking because the users feel that  he/she would have logged in to the bank account and the session has expired.

How Can You Protect Yourself  From This Attack ?

You can protect yourselves from this attack by using Firefox Browser. But Why Firefox ? Because Firefox has lots of addons (plugins) which can protect you from this attack or any other phishing attack ,so stop using your crappy web browsers such Internet explorer, switch to Firefox

Some of the Best Anti-phishing  Fire Fox addons are listed below you can use them for your safety

So i hope this Information helps You ,In my next post I'll explain how you can use this method (tabnabbing) to hack Facebook ,Gmail accounts 

Subscribe to Hackaholic

Enjoyed this article?
Subscribe to "Hackaholic"and get daily
updates in your inbox for free!

Related Posts Plugin for WordPress, Blogger...

Anonymous

Very nice tutorial u gave...Thx for ur effort..=D

REPLY
Anonymous

I don't get witch JavaScript I have to replace! I also don't know what Code I replace from the old JavaScript! Please explain the steps clearly and just help me with the tutorial.

REPLY
John said on August 7, 2011 at 8:11 AM :

@Anonymous

I told you that i will be posting about it , so please Be patient

REPLY
Sơn said on August 7, 2011 at 8:17 AM :

I like it!

REPLY
Anonymous

Dat waz really nice

REPLY
AimBin said on February 27, 2012 at 11:44 PM :

I have read this article ..... a good one... but i have also found some interesting material at http://freefeast.info/general-it-articles/tabnabbing-be-safe-from-black-hats/ regarding Tabnabbing.... Thought you people might like it...

REPLY
badlivinggood

I think this tabnabbing is another way to go, phishing is not bad but i guess its kinda getting detected pretty quick
one problem i m having with tabnabbing is how are u sure the targetee opened the first page that then transformed into the phish page later..that is my concern.... because if the targetee didnt open it at all then it might sponge up suspicious.

REPLY

Use the form below to comment. No spam please!!!

© 101hacker | Design by Mukund edited by John
Powered by Blogger