Tabnabbing: A New Type of Phishing Attack



That's insane. It got me. I wasn't expecting that page to actually be a live demo. It's so easy to fall for because you are not really paying attention when you are going back to a page.
 
I haz a feeling someone is going to be banking BIG time on this.


God damn the fact that I don't want to be in a cell with bubba. This is a gold mine in the open!
 
I got to thinking about how this could be used in AM. Though, it's pretty sure to get you arrested any way you go.


  1. Visitor hits your LP
  2. Visitor wants to leave
  3. They click the back button
  4. Your script grabs their previous page's code from their cache
  5. You load that up on top of your lander
  6. They click a link
  7. You have the script not visit it and instead try to load a large file or something to make the page take forever to go
  8. Visitor visits another tab while waiting
  9. You load up some page like Gmail in that demonstration
  10. They input their data
  11. You again make it take forever to load the page
  12. They visit another tab while waiting
  13. You direct them to the actual page they were trying to visit originally in step 3
  14. Later, you start sending their E-mail offers until they buy something because y'all aren't out to steal their personal info by storing their password
 
I find it funny that this has been around for a while and dumb ass Harro is trying to pass it off as his invention now. That dude seems to try to claim everything as his to his noob followers.
 
Works in FF, Opera doesn't change the favicon, IE changes it to the default favicon, and it never jacked my page in Chrome 5.0.375.55 (although he says it's only been fixed in Chrome 6.x.x.x).