How Can I Avoid Having My Gmail Account Compromised By A Tabnapping Attack?

by Lee on June 27, 2010

in Internet Security

If you have been using the internet for any length of time, then you know that the one constant is that new forms of cyber attack are always evolving.

There are new attacks invented every day but only a small minority of them change the world.

There is one new attack, however, that is rising up the ranks because of how effective it is.

That attack is called tabnabbing and it uses a mixture of both technical skills and social engineering to perform a phishing attack.

beware of tabnapping attacks

Tabnapping

The first thing that it does is to have you visit a web page that seems normal.

When you look at the page you will see nothing out of the ordinary.

The attack doesn’t happen while you are on the page, though; it happens after you leave.

Once the JavaScript on the page sees that you have switched to another tab, it changes the favicon (the little picture at the top of your browser that shows the web page’s logo) to the Gmail logo.

It then refreshes the page that you were on to look like the login for your Gmail account.

Since you are not expecting the attack, you probably think that this is your normal login, so when you want to check your email account you will use this page to gain access to your email.

But, instead of logging in to Gmail, you are actually giving the bad guys your password and username.

They will be able to get into your account at a later date.

How To Avoid Tabnapping

There are several ways that you can avoid becoming a victim of an attack like this.

The first is that, now that you know about it, if you have any doubt about whether you opened Gmail in your browser or not, shut the page.

Type in the Gmail address yourself so there will be no chance that you are attacked.

Your common sense will give you a greater defence against this attack than any software security product will.

Of course, having a good antivirus program installed is always recommended, and you should ensure that you always update whichever program you use.

Most antivirus vendors are aware of the attack, so they have updated their antivirus signatures to detect it when it happens.

You should see a pop-up telling you that it stopped an attack from happening on your system.

Once you see that, you know not to go to that web page ever again.

This attack is very slick as far as implementation and delivery goes.

This could fool even the most careful of security experts, but once you know about this attack, it is quite easy to avoid.

So make sure that you are on the lookout for something like this happening and you and your email account will be safe.
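The sequence described under Tabnapping (the page waits until its tab is in the background, then swaps its favicon and content for a login form) can also be checked for inside the browser. The following is an added example, not code from the original post: a sketch of a userscript-style check whose function names (`snapshot`, `diffSnapshots`, `watch`) are hypothetical, and which only notices a page that rewrites itself in place.

```javascript
// Record the parts of a page that the attack rewrites. `doc` is the DOM
// Document in a browser; any object with the same members works for testing.
function snapshot(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the state saved when the tab was hidden with the state found when
// the user returns. Returns a list of findings (empty when nothing changed).
function diffSnapshots(before, after) {
  const findings = [];
  if (before.title !== after.title) findings.push('title changed');
  if (before.favicon !== after.favicon) findings.push('favicon changed');
  if (!before.hasPasswordField && after.hasPasswordField) {
    findings.push('password field appeared');
  }
  return findings;
}

// Hook the Page Visibility API: save state on "hidden", compare on return.
// onSuspicious is a hypothetical callback supplied by the caller.
function watch(doc, onSuspicious) {
  let before = null;
  doc.addEventListener('visibilitychange', () => {
    if (doc.visibilityState === 'hidden') {
      before = snapshot(doc);
    } else if (before) {
      const findings = diffSnapshots(before, snapshot(doc));
      // A title change alone is common (unread counters), so alert only when
      // the favicon was swapped and a password field showed up as well.
      if (findings.includes('favicon changed') &&
          findings.includes('password field appeared')) {
        onSuspicious(findings);
      }
      before = null;
    }
  });
}

// In a browser, start watching the current page.
if (typeof document !== 'undefined') {
  watch(document, (f) => console.warn('Page changed while hidden: ' + f.join(', ')));
}
```

A warning from this check is a prompt to close the tab and type the address yourself, as described above.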

    { 2 comments }

    Lee July 8, 2010 at 9:20 am
    Dave July 7, 2010 at 11:41 am

    I believe I saw where the Firefox addon NoScript protects a user from
    tabnapping.
