EddieS'04
In Memoriam 1950-2022
This is from Scam Busters...
<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>Special Issue: Tab-Nabbing -- The Latest Internet PhishingScam<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<> Just when you thought you'd seen it all, a new andparticularly nasty form of Internet phishing, calledtab-nabbing, poses a new identity theft threat to web users. Phishing, just to remind you, happens when a scammer deceivesyou into giving away information about yourself, mostlyaccount details such as username and password. Usually via an email or a link on another web page, theydirect you to a bogus site that looks exactly like the genuinearticle -- like PayPal or Amazon for example -- and capturesyour login details when you try to sign in. The crook can then use those details to sign on and removemoney or make purchases on your account. You can read more about Internet phishing in some of ourearlier issues. http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=imhzbQCYnIYoRfPiDUjLfA http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=dloGLBvvbrfkGaV6p8qnxA http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=F93avRtrUMj_GIlfnpC6oA All of these previous online phishing scams rely on the userbeing fooled into clicking a link, whereas the tab-nabberplays a different and much less obvious trick. If you're a regular Internet user, you'll know how tabs work.In your browser -- for example, Internet Explorer, Firefox,Safari or Google Chrome -- they allow you to have severalpages open at once, and to hop from one to the other. Sometimes, when you click on a link in one page, it opens thenew page in a separate tab, and it's not unusual to have halfa dozen or more tabs open at once. You even forget which ones you had open, which helps thetab-nabber immensely. The way this particularly evil form of Internet phishing worksgoes like this: * You already have a couple of tabs open when you land on apage controlled by the tab-nabber (though you won't knowthis). * While you're viewing this page, the tab-nabber accesses yourbrowsing history to see which sites you regularly visit thathave value to him -- again like Amazon, PayPal or an emailaccount like Gmail. * He (or she) then changes one of your tabbed pages to mimicone of these sites, complete with what looks like the genuinelogo on the tab itself, hoping, when you return to this tab,you will think you must have visited that page earlier andjust forgotten. * Even better, from the tab-nabber's point of view, you mayreally have just visited the genuine site (your bank, forexample), left it open in the tab, and then returned to it todiscover you seem to have been logged out. * Either way, the aim is to get you to think you're logging inagain and, hey presto, the scammer has pulled off his cunningInternet phishing trick. Two key aspects make this much more effective than previousonline phishing scams: First, you don't have to click a link to get to the boguspage; you just click on what looks like a genuine page tab. Second, it uses sites you habitually visit whereas phishingemails often seem to come from organizations you've had nodealings with, so you would immediately suspect something waswrong. In addition, if you do your banking online, the bank oftenwill actually sign you out if there's no activity on theirpage, even if you still have it open in a tab. It's notunusual to be asked to sign on again. However, two other things give the tab-nabbing trick away:First, although the page may look genuine, the Internetaddress or URL (the name of the site given in the address barat the top of your browser) won't. So, the real Amazon home page for instance will show"amazon.com" but a bogus page will have something quitedifferent, even if it has the word "amazon" in it. Second, the little padlock icon that appears in your browser(usually bottom right), when you visit a secure website, willbe missing. Still, it's a wicked deception, highlighted recently by aspecialist who works for Mozilla, the organization that makesthe Firefox browser. You can see his video demonstration oftab-nabbing (sometimes also called "tabnabbing" or"tabnapping") here if you have Adobe Flash installed. http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=1UOtm_GuH_HsG98yrFtQew What can you do to ensure you don't fall victim to this newtype of Internet phishing? To be doubly-secure, here's whatyou should do. 1. Get into the habit of glancing at the address bar for everypage you visit or revisit. This makes good secure-surfingsense anyway. 2. Look for that padlock on what should be a secure site page. 3. After visiting a secure page, close it when you're done,rather than keeping it open in a tab. 4. If a site invites you to sign on again, close the tab andre-key the correct address. Any one of these four steps should help steer you clear of atab-nabbing scam -- and if you have security softwareintegrated with your browser, that should flag bogus sitestoo. With Internet phishing, you just can't be too cautious.
<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>Special Issue: Tab-Nabbing -- The Latest Internet PhishingScam<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<> Just when you thought you'd seen it all, a new andparticularly nasty form of Internet phishing, calledtab-nabbing, poses a new identity theft threat to web users. Phishing, just to remind you, happens when a scammer deceivesyou into giving away information about yourself, mostlyaccount details such as username and password. Usually via an email or a link on another web page, theydirect you to a bogus site that looks exactly like the genuinearticle -- like PayPal or Amazon for example -- and capturesyour login details when you try to sign in. The crook can then use those details to sign on and removemoney or make purchases on your account. You can read more about Internet phishing in some of ourearlier issues. http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=imhzbQCYnIYoRfPiDUjLfA http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=dloGLBvvbrfkGaV6p8qnxA http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=F93avRtrUMj_GIlfnpC6oA All of these previous online phishing scams rely on the userbeing fooled into clicking a link, whereas the tab-nabberplays a different and much less obvious trick. If you're a regular Internet user, you'll know how tabs work.In your browser -- for example, Internet Explorer, Firefox,Safari or Google Chrome -- they allow you to have severalpages open at once, and to hop from one to the other. Sometimes, when you click on a link in one page, it opens thenew page in a separate tab, and it's not unusual to have halfa dozen or more tabs open at once. You even forget which ones you had open, which helps thetab-nabber immensely. The way this particularly evil form of Internet phishing worksgoes like this: * You already have a couple of tabs open when you land on apage controlled by the tab-nabber (though you won't knowthis). * While you're viewing this page, the tab-nabber accesses yourbrowsing history to see which sites you regularly visit thathave value to him -- again like Amazon, PayPal or an emailaccount like Gmail. * He (or she) then changes one of your tabbed pages to mimicone of these sites, complete with what looks like the genuinelogo on the tab itself, hoping, when you return to this tab,you will think you must have visited that page earlier andjust forgotten. * Even better, from the tab-nabber's point of view, you mayreally have just visited the genuine site (your bank, forexample), left it open in the tab, and then returned to it todiscover you seem to have been logged out. * Either way, the aim is to get you to think you're logging inagain and, hey presto, the scammer has pulled off his cunningInternet phishing trick. Two key aspects make this much more effective than previousonline phishing scams: First, you don't have to click a link to get to the boguspage; you just click on what looks like a genuine page tab. Second, it uses sites you habitually visit whereas phishingemails often seem to come from organizations you've had nodealings with, so you would immediately suspect something waswrong. In addition, if you do your banking online, the bank oftenwill actually sign you out if there's no activity on theirpage, even if you still have it open in a tab. It's notunusual to be asked to sign on again. However, two other things give the tab-nabbing trick away:First, although the page may look genuine, the Internetaddress or URL (the name of the site given in the address barat the top of your browser) won't. So, the real Amazon home page for instance will show"amazon.com" but a bogus page will have something quitedifferent, even if it has the word "amazon" in it. Second, the little padlock icon that appears in your browser(usually bottom right), when you visit a secure website, willbe missing. Still, it's a wicked deception, highlighted recently by aspecialist who works for Mozilla, the organization that makesthe Firefox browser. You can see his video demonstration oftab-nabbing (sometimes also called "tabnabbing" or"tabnapping") here if you have Adobe Flash installed. http://clicks.aweber.com/y/ct/?l=LppUu&m=1aTgQTfrPmtWfo&b=1UOtm_GuH_HsG98yrFtQew What can you do to ensure you don't fall victim to this newtype of Internet phishing? To be doubly-secure, here's whatyou should do. 1. Get into the habit of glancing at the address bar for everypage you visit or revisit. This makes good secure-surfingsense anyway. 2. Look for that padlock on what should be a secure site page. 3. After visiting a secure page, close it when you're done,rather than keeping it open in a tab. 4. If a site invites you to sign on again, close the tab andre-key the correct address. Any one of these four steps should help steer you clear of atab-nabbing scam -- and if you have security softwareintegrated with your browser, that should flag bogus sitestoo. With Internet phishing, you just can't be too cautious.
nline: