Sunday, November 7, 2010 0 comments
In traditional phishing, attacker by email or by any other way sent the phishing page url to the victim which looks like the original login page. But now a days attacker got a new way of phishing. This new way is called TAB NAPPING.
Tab Napping works on the user's assumption that a tabbed web page stays the same when other Internet services are being accessed.Tab napping is more sophisticated than the traditional phishing and it no longer relies on persuading you to click on a link. Instead it targets internet users who open lots of tabs on their browser at the same time.
How does it work:-
By replacing an inactive browser tab with a fake page to obtain your personal data - without you even realising it has happened.Fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.
So don't assume that after you have opened a new tab and visited a web page, that web page will stay the same even if you don’t return to it for a time while you use other windows and tabs. Malicious code can replace the web page you opened with a fake version which looks virtually identical to the legitimate page you originally visited.
How To Detect And Protect Yourself From Tab Napping
Here are the simple and easy steps with which you can detect this new phishing technique “Tab Napping”.
1. Don’t open another tab when your are working with your banking site or any other secure businesswebsite instead open new windows using CTRL+N.
2. Always check the url address of the website if you return from another tab.(Fake page will have differentUrl)
3. Check that the url has secure address “https:// “ or a big green bar in front of the url in address bar which certifies that it is secure and certified website.
4. If you find anything suspicious close the tab and type and open the website in new Tab.