<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><> ~<>
Special Issue: Tab-Nabbing -- The Latest Internet Phishing
Scam
<>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><>~<>~<><> ~<>

Just when you thought you'd seen it all, a new and
particularly nasty form of Internet phishing, called
tab-nabbing, poses a new identity theft threat to web users.

Phishing, just to remind you, happens when a scammer deceives
you into giving away information about yourself, mostly
account details such as username and password.

Usually via an email or a link on another web page, they
direct you to a bogus site that looks exactly like the genuine
article -- like PayPal or Amazon for example -- and captures
your login details when you try to sign in.

The crook can then use those details to sign on and remove
money or make purchases on your account.

You can read more about Internet phishing in some of our
earlier issues.

http://clicks.aweber.com/y/ct/?l=76C...nIYoRfPiDUjLfA

http://clicks.aweber.com/y/ct/?l=76C...brfkGaV6p8qnxA

http://clicks.aweber.com/y/ct/?l=76C...UMj_GIlfnpC6oA

All of these previous online phishing scams rely on the user
being fooled into clicking a link, whereas the tab-nabber
plays a different and much less obvious trick.

If you're a regular Internet user, you'll know how tabs work.
In your browser -- for example, Internet Explorer, Firefox,
Safari or Google Chrome -- they allow you to have several
pages open at once, and to hop from one to the other.

Sometimes, when you click on a link in one page, it opens the
new page in a separate tab, and it's not unusual to have half
a dozen or more tabs open at once.

You even forget which ones you had open, which helps the
tab-nabber immensely.

The way this particularly evil form of Internet phishing works
goes like this:

* You already have a couple of tabs open when you land on a
page controlled by the tab-nabber (though you won't know
this).

* While you're viewing this page, the tab-nabber accesses your
browsing history to see which sites you regularly visit that
have value to him -- again like Amazon, PayPal or an email
account like Gmail.

* He (or she) then changes one of your tabbed pages to mimic
one of these sites, complete with what looks like the genuine
logo on the tab itself, hoping, when you return to this tab,
you will think you must have visited that page earlier and
just forgotten.

* Even better, from the tab-nabber's point of view, you may
really have just visited the genuine site (your bank, for
example), left it open in the tab, and then returned to it to
discover you seem to have been logged out.

* Either way, the aim is to get you to think you're logging in
again and, hey presto, the scammer has pulled off his cunning
Internet phishing trick.

Two key aspects make this much more effective than previous
online phishing scams:

First, you don't have to click a link to get to the bogus
page; you just click on what looks like a genuine page tab.

Second, it uses sites you habitually visit whereas phishing
emails often seem to come from organizations you've had no
dealings with, so you would immediately suspect something was
wrong.

In addition, if you do your banking online, the bank often
will actually sign you out if there's no activity on their
page, even if you still have it open in a tab. It's not
unusual to be asked to sign on again.

However, two other things give the tab-nabbing trick away:
First, although the page may look genuine, the Internet
address or URL (the name of the site given in the address bar
at the top of your browser) won't.

So, the real Amazon home page for instance will show
"amazon.com" but a bogus page will have something quite
different, even if it has the word "amazon" in it.

Second, the little padlock icon that appears in your browser
(usually bottom right), when you visit a secure website, will
be missing.

Still, it's a wicked deception, highlighted recently by a
specialist who works for Mozilla, the organization that makes
the Firefox browser. You can see his video demonstration of
tab-nabbing (sometimes also called "tabnabbing" or
"tabnapping") here if you have Adobe Flash installed.

http://clicks.aweber.com/y/ct/?l=76C...H_HsG98yrFtQew

What can you do to ensure you don't fall victim to this new
type of Internet phishing? To be doubly-secure, here's what
you should do.

1. Get into the habit of glancing at the address bar for every
page you visit or revisit. This makes good secure-surfing
sense anyway.

2. Look for that padlock on what should be a secure site page.

3. After visiting a secure page, close it when you're done,
rather than keeping it open in a tab.

4. If a site invites you to sign on again, close the tab and
re-key the correct address.

Any one of these four steps should help steer you clear of a
tab-nabbing scam -- and if you have security software
integrated with your browser, that should flag bogus sites
too. With Internet phishing, you just can't be too cautious.

That's a wrap for this issue. Wishing you a great week!