T@b N@pp!ng — $tr@nge Ph!sh!ng @tt@ck

Posted: February 23, 2011 in Eth!c@l H@ck!ng, Tech Stuffz
Tags: , ,

Now a days we are spending more money online than from our wallets. And with our bank account access credentials anyone can wipe out our account online. These reasons led fraudsters to find more and more phishing attacks and innocent individuals getting bankrupted.

The most common way that we all know is with phishing mails having links to fake sites. But most of us can apparently neglect fake links which made phishing scammers more difficult to steal credentials. But there are some creative programmers who made it possible to hack credentials without even user clicking links. Its known as tab napping.
Tab napping is a brilliant way of stealing credentials from users.
So how does it work??
When u are accessing mutiple tabs in ur browser, attacker can reload any inactive tab with his fake page looking as exactly as our bank account login page. wen we switch across tabs we dnt really care abt the url. So if when we find bank login page again though we logged in long bak, obviously we ll think that session has expired and we ll relogin again. Indirectly inputting our credentials to the attacker which is more equivalent to giving all our cash to him.

some ways to prevent..

  • Dont use multiple tabs when accessing bank accounts.
  • Do cross check the url before typing ur credentials.

Perceptions can be deceptive. What u see might not be wat u actually want to see.. 🙂 Beware!

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s