Alessandro Zanello

It's called "tabnabbing" and is a new form of phishing is spreading on the Web, as explained by Aza Raskin, creative lead of Firefox, here , and as seen here:

A New Type of Phishing Attack from Aza Raskin on Vimeo .

This type of attack exploits the habit of users to open multiple tabs (tabs) within the browser during normal sailing then to consult them one by one. How it works.

While it is committed to displaying the contents of a card, if one of the other is open pending at an infected site containing a malicious script, it recognizes that the page does not have focus and is inactive for some time, and then redirects the open page on a site created ad hoc and very similar to a well-known (for example your bank or your Webmail provider, Facebook or Twitter), completing the trick with the replacement card icon on the site lawful.

When the user sees the icon of the known site on that card and he thinks it is opened, visiting it, is just across a page family, who asked for credentials, then enter their authentication data without checking thoroughly. The script stores the fraudulent credentials and leads the unsuspecting user on the page truly, truly autenticandovelo.

In this way the user perceives or even suspected of having been robbed of your account.

The attack can be refined and customized using the history stored in the browser, resulting in masterpieces of social engineering in the scam.

The electronic fraud are increasing during the financial crisis, as fraudsters take advantage of the news of mergers, investments, failure to engineer false requests for re-accreditation of the customers of the banks closed. The wave will grow a lot in the coming weeks, following reports of difficulty of the various European institutions.

The only association of banks in the United Kingdom was responsible for managing electronic payments (APACS) has already worrying figures released before the acute phase of the crisis: from January to June 2008 phishing attacks were up 186% over the same period of 2007, totaling more than 20,682 accidents in the first six months of the year.

It 'must therefore be even more careful than usual at this time, remembering that generally financial institutions will never ask you to disclose your data via email and that if it is required to visit your school, just to verify, Â should do it directly and not through links offered by third parties.

BBC