Title :
NoTabNab: Protection against the “tabnabbing attack”
Author :
Unlu, Seckin Anil ; Bicakci, Kemal
Author_Institution :
Dept. of Comput. Eng., TOBB Univ. of Econ. & Technol., Ankara, Turkey
Abstract :
In recent years phishing attacks have become one of the most important problems of online security. Aza Raskin, the creative lead of Mozilla Firefox team, proposed a new type of phishing attack, “tabnabbing attack” as he names it. The attack is different from classical phishing attacks; while classical attacks rely on deception of users with a similar URL and/or content in appearance to the original site, this attack uses our memory weakness and false perception that browser tabs are immutable i.e., do not change while inactive. We develop a Firefox add-on to protect users against this attack. Our method is based on the fact that a phishing web site should change its layout radically to look like the original site. This add-on watches the open tabs and indicates whether one changes its layout, favicon and/or title to become like another site.
Keywords :
Web sites; computer crime; computer network security; invasive software; online front-ends; Mozilla Firefox; URL; browser add on; browser tab; online security; phishing attack; tabnabbing attack; web site; HTML; Helium; Keyboards; browser add-on; phishing; software; tabnabbing; web security;
Conference_Titel :
eCrime Researchers Summit (eCrime), 2010
Conference_Location :
Dallas, TX
Print_ISBN :
978-1-4244-7760-9
DOI :
10.1109/ecrime.2010.5706695
