Aza Raskin, Mozilla Firefox creative lead, has demonstrated on his blog a new phishing technique that abuses browser tabs. Traditional phishing generally leads a user directly to a malicious web page that impersonates a trusted page, such as an online banking login site, and then harvests the user’s login information.
The new technique uses morphing browser tabs to trick people into giving away login information. If the user leaves the page open in a browser tab and clicks to another tab, the malicious tab changes itself into a replica of the trusted site. It changes the title and the icon displayed on the tab, among other things, Raskin said. In the researcher’s demonstration, the page imitated is the Gmail login page.
The user then might click back onto the malicious tab, mistaking it for the trusted site.
The attack works on major browsers, including Firefox, Internet Explorer and Google Chrome. In Firefox it can be partially blocked using the NoScript add-on.
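The behaviour described above (a tab whose title and icon change while it is in the background) can be checked for from a per-tab event timeline. The following is an added example, not code from Raskin's post: the event record shape, the severity labels and the sample timelines are assumptions of this example, and in a browser extension the events could be collected from `visibilitychange` and a `MutationObserver` on the title and icon elements.

```javascript
// Added example: flags tabs whose title/icon differ on return from the
// background. Event shape (assumed): { t, kind, value } where kind is
// "visibility" ("hidden" | "visible"), "title" or "icon".
function detectTabMorph(events) {
  const findings = [];
  const current = { title: null, icon: null }; // identity the tab shows now
  let atHide = null;                           // identity when focus was lost
  // Stable sort keeps the order of events that share a timestamp.
  for (const ev of [...events].sort((a, b) => a.t - b.t)) {
    if (ev.kind === "title" || ev.kind === "icon") {
      current[ev.kind] = ev.value;
    } else if (ev.kind === "visibility" && ev.value === "hidden" && !atHide) {
      atHide = { ...current };
    } else if (ev.kind === "visibility" && ev.value === "visible" && atHide) {
      // Compare what the user returns to with what they left.
      const fields = ["title", "icon"].filter((f) => current[f] !== atHide[f]);
      if (fields.length > 0) {
        findings.push({
          returnedAt: ev.t,
          fields,
          // Title-only changes are common (unread counters); title and icon
          // together match the behaviour described in the article.
          severity: fields.length === 2 ? "high" : "low",
          before: atHide,
          after: { ...current },
        });
      }
      atHide = null;
    }
  }
  return findings;
}

// Constructed sample timelines (not captured from a real page).
const morphing = [
  { t: 0, kind: "title", value: "Ten holiday recipes" },
  { t: 0, kind: "icon", value: "/favicon-blog.ico" },
  { t: 5000, kind: "visibility", value: "hidden" },
  { t: 9000, kind: "title", value: "Sign in - Example Mail" },
  { t: 9000, kind: "icon", value: "/favicon-mail.ico" },
  { t: 60000, kind: "visibility", value: "visible" },
];
const counterOnly = [
  { t: 0, kind: "title", value: "Inbox (1)" },
  { t: 1000, kind: "visibility", value: "hidden" },
  { t: 2000, kind: "title", value: "Inbox (2)" },
  { t: 3000, kind: "visibility", value: "visible" },
];
console.log(JSON.stringify(detectTabMorph(morphing), null, 2));
console.log(JSON.stringify(detectTabMorph(counterOnly), null, 2));
```

A title-only change is reported at low severity because legitimate pages update their titles in the background; a warning shown to the user is better reserved for the high-severity case.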