Tabjacking – A very clever take on an old trick!

Published Tuesday, May 25, 2010 11:49 AM

I am sure that most of you out there know what a phishing scam is, and I'm willing to bet that you could spot one when you see it. Well, there is a new, ingenious way of tricking someone into using a phishing site, and it's called tabjacking. The scammer gets you to click on their site, which could be anything, and when you switch tabs to look at something else it will change to a phishing page, like a Gmail login page. People like me, who have lots of tabs open all the time, can't remember what tabs they have open. It's a lot easier to spot a phishing scam when you were the one clicking the link; once the tab is open you tend to trust it will not change on you.

This little bit of malicious code only works in Firefox as far as I know, but I am sure it will find its way into other browsers. This is one of the reasons I use LastPass for my passwords. I never enter passwords by hand; they are all stored securely in LastPass. So if I go to a login page that I have an account for, it should autofill the password for me; if it doesn't, then there is something wrong with the URL and it's probably a scam.
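The autofill check described above, as an added example (not code from the original post and not LastPass's implementation): saved credentials are keyed by exact origin, so a tab that has swapped itself to a look-alike login page gets nothing filled. The `savedLogins` store, the function names and the sample URLs are constructed for illustration.

```javascript
// Added example: the origin check a password manager could apply before autofill.
// Names and sample URLs are constructed for illustration.

// Saved logins keyed by the exact origin (scheme + host + port) they were saved on.
const savedLogins = new Map([
  ["https://accounts.google.com", { username: "alice@example.com" }],
]);

// Return the saved login for pageUrl, or null when the origin does not match exactly.
function loginForPage(pageUrl) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  // Refuse anything that is not HTTPS (plain HTTP, data:, file:, ...).
  if (url.protocol !== "https:") return null;
  // url.origin drops path, query and userinfo, lowercases the host and
  // omits the default port, so only the real site identity is compared.
  return savedLogins.get(url.origin) ?? null;
}

// Decide, for each open tab address, whether autofill would be offered.
function auditTabs(urls) {
  return urls.map((u) => ({ url: u, fill: loginForPage(u) !== null }));
}

// Constructed sample: one genuine login page and several look-alikes.
const sampleTabs = [
  "https://accounts.google.com/ServiceLogin?service=mail", // genuine
  "https://ACCOUNTS.GOOGLE.COM:443/",                      // same origin, different spelling
  "https://accounts.google.com.login.example.net/",        // real name used as a subdomain
  "https://accounts.google.com@phish.example.net/",        // real name in the userinfo part
  "http://accounts.google.com/ServiceLogin",               // right host, no TLS
  "https://accounts.goog1e.com/",                          // one-character typo
];

for (const r of auditTabs(sampleTabs)) {
  console.log(r.fill ? "FILL  " : "REFUSE", r.url);
}
```

Only the first two addresses are offered a fill; a missing autofill prompt on the rest is the signal the post describes.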

If you would like to see it in action, all you have to do is open this link in a new tab. Once it's open, switch back to this tab and wait and watch the tab you just opened. It's pretty freaky and scary that something like that is possible.

