Very clever. And even better than the rapid announcement, Giorgio Maone has already updated NoScript to prevent such attacks! (Version 1.9.9.81; if you've still running an older version, you're not protected.)
Time to tell my customers to contribute more $$$ to NoScript development! He keeps earning it, over and over again :))
Phishing attack uses tricky 'tabnapping'
Summary
A Mozilla user interface specialist has published proof-of-concept code for a new phishing technique, which makes use of morphing browser tabs to trick people into giving away login information.
Topics
A Mozilla user interface specialist has published proof-of-concept code for a new phishing technique, which makes use of morphing browser tabs to trick people into giving away login information.
Traditional phishing techniques generally lead a user directly to a malicious web page that impersonates a trusted page, such as an online banking login site, which can then harvest the user's login information.
The new technique, called 'tabnapping' or 'tabjacking', demonstrated by Mozilla Firefox creative lead Aza Raskin in a blog post earlier this week, leads a user to what appears to be a genuine site that delivers the content promised.
For more on this story, read Phishing attack uses tricky 'tabnapping' technique at ZDNet UK.
Just In
Doesn't work when NoScript is active, and if you use saved passwords they won't auto-fill, which ought to be a red flag.
Join the conversation!
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
Vendor Showcase
Facebook Activity
