Wikipedia is not very explicit on this,
The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time.
What is 'tabnabbing', how does one do it?
Wikipedia is not very explicit on this,
The exploit employs scripts to rewrite a page of average interest with an impersonation of a well-known website, when left unattended for some time.
What is 'tabnabbing', how does one do it?
Tabnabbing is a phishing technique where a malicious web site changes its looks while the tab is inactive in order to trick the user into entering credentials.
This page is simultaneously a description and a demo. When you visit it, it shows a description of what tabnabbing is. When you then click another tab, it changes the tabs favicon and title to look like Gmail. Later, when the user wants to read her mail she goes to this tab thinking it is Gmail and enters her credentials.
Edit:
In this animation, you see that while I am reading SE, the tab that at first looked harmless changes in the background to look like Gmail. This way the page tries to trick me into submitting my credentials.
It is a form of social engineering attack through your web browser. You are asked to visit a malicious page which will only get loaded if you switch to another tab and back. There are some tools around to do this. Best for me is Social Engineering Toolkit. It comes pre-installed with Kali Linux along with other useful toys.