NoTabNab: Protection against the "tabnabbing attack"


Unlu S. A. , Bicakci K.

2010 Fall General Meeting and eCrime Researchers Summit, eCrime 2010, Dallas, TX, United States Of America, 18 - 20 October 2010 identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/ecrime.2010.5706695
  • City: Dallas, TX
  • Country: United States Of America
  • Keywords: Browser add-on, Phishing, Software, Tabnabbing, Web security
  • Istanbul Technical University Affiliated: No

Abstract

In recent years phishing attacks have become one of the most important problems of online security. Aza Raskin, the creative lead of Mozilla Firefox team, proposed a new type of phishing attack, "tabnabbing attack" as he names it. The attack is different from classical phishing attacks; while classical attacks rely on deception of users with a similar URL and/or content in appearance to the original site, this attack uses our memory weakness and false perception that browser tabs are immutable i.e., do not change while inactive. We develop a Firefox add-on to protect users against this attack. Our method is based on the fact that a phishing web site should change its layout radically to look like the original site. This add-on watches the open tabs and indicates whether one changes its layout, favicon and/or title to become like another site. © 2010 IEEE.