Tabnapping: the hot new thing in phishing attacks

We got an e-mail from our IT guys at the Chronicle today warning us about a new kind of phishing attack, dubbed “tabnapping.” This attack targets Firefox users who tend to keep a lot of tabs open in their browser at once.

It seems that a bit of script senses when someone has a bunch of tabs open and then looks into where you’ve been online, reports the tech site The Register.

The script looks into your browser’s history to see which sites you frequent, such as Facebook or Gmail. After a few minutes of inactivity on that tab, the script will throw up a fake page designed to look like one of the genuine sites you visit often. Of course, when you log in to the “familiar” site, you’re handing your credentials to the phishers.

You can see an example of how it works or watch the video below. Remember, try to keep track of the tabs you have open at any given time and make sure the URL is legit before you login.

Stay frosty people.

A New Type of Phishing Attack from Aza Raskin on Vimeo.