A New Type of Phishing Attack

Traditional "phishing attacks" involve tricking users to click on links on a website that take them to bogus sites that look legitimate, but are not.  Once the user has entered that site, they are vulnerable to theft of personal information.

Aza Raskin of Mozilla is warning about a new type of phishing, called "tabnabbing", that doesn’t require clicking on a link at all.  It’s a browser-based attack, targeting multi-taskers who have multiple tabs open.  If the user is visiting a website infected with malicious tabnabbing code, a tab in the background will change into what appears to be a legitimate site that looks quite familiar.  One you want to be logged into, like Gmail or a banking site.  Clicking on it will not log you in.  But since many sites log you out automatically after a period of time, you may assume that you need to log in again.  If you do log in, however, you are giving your log-in credentials to the tabnabber.

Because the malicious code is running on the website, not on the user’s PC, security programs won’t protect users.  Solutions are being sought, but awareness of the issue may be the best defense at this time. 

At CCS, we know that keeping your Point of Sale System safe is very important.  We’re here to answer your questions.  Call us at 800-672-4806 or email us


Leave a Reply