Let's Build a Responsible Cyber Society




Beware of Tab-Napping.. A Variant of Phishing

"Phishing" is a well known form of identity theft employed by fraudsters to steal the log in details of victims to Bank accounts and e-mail accounts. Normally Phishers send a fake e-mail and entice victims to visit a false website and enter the log in particulars.

In what is termed as a variant of the fraud, "Tab-Napping" has been identified as a new type of stealing the credentials. Internet users need to be careful about this new type of fraud.

Tab-napping is a method of faking the browser tabs already opened and kept inactive by the user while he browses through other tabs. For example, let us say a user has visited a Bank website and kept a tab open for the purpose. In the meantime he goes to another tab for some other work. The Tabnappers watch such a situation and silently replace the earlier tab in which you were working on the Bank account and replace it with a fake tab. When you return to this tab, you may be asked to reenter your credentials which you may assume is because you have been logged out due to lapse of time. The credentials entered may reach the fraudster resulting in the compromise of your account.

Presently we advise users to watch out for "https" on the URL window. This would not be sufficient in cases of Tab-napping since the URL window may be made to display the https tag even otherwise.

Users should therefore watch the browser window each time they enter the credentials to see if it appears genuine. It is better to re enter the URL in a new window before proceeding with a transaction which was parked in an inactive tab.

If you are using Firefox, using "No Script" add on may prevent this exploit.


June 20 2010

Related Articles




Related Article:

Comments are Welcome at naavi@vsnl.com