A New Type Of ‘Phishing’ Attack – ‘Tab-Nabbing’

This morning, I came across an interesting and scary article about a new type of ‘phishing’ attack – ‘tab-nabbing’.  For those of you unfamiliar with the cyber lingo, ‘phishing’ is:

“The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has…The [site], however, is bogus and set up only to steal the user’s information.”

Definition courtesy of Internet.com

A well-known example of a ‘phishing’ attack occurred when cyber-criminals sent spam emails claiming to be from EBay telling users that their account with EBay would be suspended unless they clicked a link and updated their personal information, including credit card information.  The email was, of course, a ruse designed solely to obtain the credit card information and had nothing to do with EBay at all.

Many Internet users are more savvy now, and spam email filters have improved somewhat.  However, this new type of ‘phishing’ scheme is – to quote my friend, Flavio, at Amplify.com – “scary and dangerous.”  Flavio was the individual who made me aware of this new form of ‘phishing,’ and you can read more about it from him here as well as link to a video clip describing it.

Unlike the ‘phishing’ attack described above involving Ebay, this new form of attack does not rely on its ability to deceive a user from the get-go.  In other words, the only way the Ebay scam could be successful is if the user does not detect anything fishy either about the email or when they clicked the link provided (e.g., the URL might look odd, site seems unusual, etc.)  Once a user detects these abnormalities, the scammer has failed.

‘Tab-nabbing’ works by changing the way a legit site looks behind your back.  Here’s how the scam works – You begin by logging on to the site you actually intended to visit.  You click away from that site for whatever reason; e.g., let’s say you open a new tab and visit some other site for a little while.  The ‘tab-nabber’ detects that you have navigated away for a while, and using simple computer code, changes the ‘favicon’ of the first site to something you, as a user, would be familiar with.  The example given in the article was Gmail – the red and white envelope symbol you have probably seen thousands of times by now.  When you visually scan your tabs, you see the Gmail symbol and think nothing of it.  You re-open the tab, thinking you must have left a Gmail tab open by mistake, and are then re-directed to a bogus site asking for your Gmail login information.  The site looks just like your normal Gmail login page, so you are none the wiser.  Meanwhile, the ‘tab-nabber’ has just obtained your login information and can now login to your email remotely from anywhere in the world.

Once inside your email account, the ‘tab-nabber’ can do all sorts of mischief, access private information, obtain historical information about sites you visit, your client’s information, and so on, and so on.  After reading my friend’s article, I am starting to see where some lawyers and law firms are coming from when they set blanket policies on not using email for client communications.  It remains to be seen how widespread this type of attack will be.  However, one thing is certain:  If this scam proves to be successful, then more attackers will use it, and their use will not be limited to just trying to get inside email accounts.

For those of you concerned about your office’s cyber-security, I would strongly encourage you to educate yourself further about ‘tab-nabbing.’  This is definitely something that we need to be on our guard against in order to safeguard our private information as well as our client’s.

Thanks again to Flavio over at Amplify.com for making me aware of this issue.