Wednesday 9 June 2010

New threat: tab napping, please be aware

I'm always reminding people not to click on links inside emails as its a very insecure thing to do. The trouble is that's what IT Managers everywhere are telling people to do and as such phishing attacks are declining. That's the good news.

The bad news is that hackers are as always one step ahead and there's a new threat out in the wild. Its called 'Tab Napping'.

The basic gist of it is, you go to an online banking site and get to its login screen, then you suddenly think of something else you wanted and open a new tab to do a quick google search. Normally there's nothing wrong with that, however if you hit a malicious site the original tab could change without you knowing about it. When you click back to it, you expect to see a login page and as far as you are aware you browsed to it yourself so its in a trusted zone in your mind. If you then submit your login details, you could be supplying fraudsters with your details.

These attacks are highly sophisticated but here's how to protect yourself:
  • Make sure you always check the URL in the browser address.
  • If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
  • Avoid leaving tabs open which require you to type in secure login details.

1 comment:

  1. It may also help to download Rapport free from