Be aware because a new variant of “phishing” has been revealed! Mostly, “phishing” was created to fool PC users into giving their money away. At the beginning they get a quite trustworthy looking e-mail with a link, leading to their bank, credit card or e-mail account website which in reality is fake. With a help of these malicious websites, scammers easily get all the information and account details once they convince people to log in there. Finally, these accounts are simply compromised.
However, now it was noticed a new type of attack, which is called “tabnapping”. “Tabnapping” relies on changing a tab while you’re not looking at it. When website visited is left opened in a “tab”, content is changed into malicious log in page, such as Twitter, Facebook, Gmail, banking account or other genuinely looking, popular one website. In this way, people are expected to believe that they have left the site opened and have been logged out, so they simply log back in again. However, in truth they are giving their sensitive information for scammers.
There is a great possibility that this type of attack will be successful and websites opened will be the same users were visiting and even logged in. It’s quite hard to notice the “tabnapping” website but it is possible to avoid such scam. Remember:
Every time you log in to a website, check the URL in the address bar to make sure you’re still on the real legitimate website and you haven’t been “tabnapped”. If the URL address looks suspiciously, close this tab, open a new one and enter real address.
And of course, keep in mind not to leave websites requiring secure logins opened in tabs. In this way you will know which website is real and which one is “tabnapped”.