One of the latest phishing scams to hit our Internet browsers is a deviously simple attack known as “Tabnabbing”. It targets anyone who keeps multiple tabs open in their browser for extended periods of time – which is most people. Then uses JavaScript to change the label and contents of a page that has been left dormant to resemble the login screen for an account that has already been used in that session.
The result is that the user then enters their login details on the replicated page, giving fraudsters fast and easy access to their password and any other information typed out.
One of the most disconcerting things about this attack is how well it imitates legitimate pages so that at a glance, it is almost impossible to tell they aren’t the real deal. It plays on peoples’ memory flaws as well as their willingness to follow onscreen instructions without questioning.
However despite the prevalence of Tabnabbing, it is relatively straightforward to prevent it from affecting you. Simply clicking onto a fraudulent tab will not do any harm. It is only when you enter information that the attack becomes malicious.
The best ways to protect yourself are to install anti-virus and anti-malware software and make sure your browser’s filter is switched on so that it can block any malicious or infected sites.
If you are in any way unsure about whether or not a tab is legitimate, simply close it and re-enter the full url for the page you require. This is especially important for online banking or any other account that holds your financial details.
ITC Secure Networking offers professional help and advice to assist businesses in optimising their network security. If you would like to know more about the services we provide, please get in touch.
