Thursday, June 10, 2010

Tab napping' - a new online scam

Watch out for this new online phishing scam which uses 'tab napping' to attack your computer - and your finances...

As internet users we’re all vulnerable to online scams. Unluckily for us, as soon as we become pretty good as spotting one type of attack, another more sophisticated version comes along in its place. In fact, technology company Mozilla - which developed the Firefox web browser - has recently warned against a possible threat from a new scam known as ‘tap napping’ which takes phishing one step further.

What is tab napping?

Tab napping is essentially a new kind of phishing scam. Until now phishing has involved sending hoax emails in an attempt to steal your usernames, passwords and bank details. Often the sender will claim to be from your bank and will ask you to verify your bank details by clicking on a link contained in the email.

The link actually directs you to a fake website which looks just like your bank's own website. Once you have typed in your login details they can be accessed by the criminals who set the fake site up.

But we’re beginning to wise up to phishing attacks like this, and many of us know we should be very wary of clicking URLs even if they appear to be in a legitimate email.

With awareness of phishing on the up, making it more difficult for scammers to succeed, tab napping could be the scam to watch out for next.

How does tab napping work?

Tab napping is more sophisticated than the phishing scams we’ve seen so far, and it no longer relies on persuading you to click on a dodgy link. Instead it targets internet users who open lots of tabs on their browser at the same time (for example, by pressing CTRL + T).

How does it work? By replacing an inactive browser tab with a fake page set up specifically to obtain your personal data - without you even realising it has happened.

Believe it or not, fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.

So don't assume that after you have opened a new tab and visited a web page, that web page will stay the same even if you don’t return to it for a time while you use other windows and tabs. Malicious code can replace the web page you opened with a fake version which looks virtually identical to the legitimate page you originally visited.

How might tab napping work in practice?

Imagine you open the login page for your online bank account, but then you open a new tab to visit another website for a few minutes, leaving the first tab unattended. When you return to your bank’s site the login page looks exactly how you left it. What you haven’t realised is that a fake page has taken its place, so when you type in your username and password, you have inadvertently given the fraudster easy access to your account.

Even if you have already logged into your bank account before opening another tab, when you return you might find you’re being asked to login again. This may not necessarily rouse any suspicion since you might simply assume your bank has logged you out because you left your account inactive for too long. You probably won’t even think twice before logging in for a second time. But this time round you have accidently inputted your security details into a fraudster’s fake page which have been sent back to their server.

Once you have done so, you can then be easily redirected to your bank’s genuine website since you never actually logged out in the first place, giving you the impression that all is well.

How can you protect yourself against tab napping?

This is pretty scary stuff but thankfully tab napping should be relatively easy to avoid. Here are five simple ways you can prevent yourself from falling victim:

•Make sure you always check the URL in the browser address page is correct before you enter any login details. A fake tabbed page will have a different URL to the website you think you’re using.
•Always check the URL has a secure https:// address even if you don’t have tabs open on the browser.
•If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
•Avoid leaving tabs open which require you to type in secure login details. Don't open any tabs while doing online banking - open new windows instead (CTL + N).

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Thursday, June 3, 2010

iPad Phishing Scheme Advertised on Facebook


Social networking is so good even for illegitimate marketing campaigns

How would you like to get one of the much-anticipated iPad gizmos in exchange of simply filling up a mere survey? Well, the offer sounds pretty good – in fact, it sounds too good to be true and that’s what it is.

The scheme is massively advertised on a Facebook Events page where about 2500 people signed up for the event and – probably – fell victim to the phishing attack. The idea behind it is extremely simple: you sign up for “reviewing” an iPad device, get the product and a questionnaire you need to fill in and return to the company. Needless to say that you get to keep the reviewed item without any commitment on your side

Concealed by a short URL, the target phishing page initially asks for some pretty reasonable info such as the first name and the email address, and culminates with requiring a full set of details, including the full name, home address and phone numbers, as shown below. In order to make the whole deal look legit, the attackers have thrown in logos belonging to high-profile media outlets, although the mentioned institutions have no clue about this initiative.

After all the data has been collected, the attacker asks the user to undergo a last security check and provide their Facebook username and password. Please note that our experiment is carried in a contained environment and we do not encourage you to type in your account credentials on any website except for the genuine one.

To add insult to injury and to maximize the damage, the unwary user whose account has just been phished would be required to download and install an adware application (a browser toolbar) that hijacks the browser’s start page and swaps the default search engine, among others.

Needless to mention that, after filling in the personal details, getting phished and installing the toolbar you’ll never get the iPad, nor will you hear from the attackers again.

The scheme is based on a common practice amongst product creators, namely sending sample units for reviewing. However, it’s not everybody who can receive a testing unit, as the offer is mostly pointed at opinion influencers, high-profile bloggers and – most of all – specialized review websites. Even that way, journalism ethics urge that the reviewer returns the tested unit to the provider after the process has completed. Now, repeat after me: if something looks too good to be true, then it probably is and you’ll end up hurting yourself.

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.

Wednesday, June 2, 2010

The Unwary Facebook® User Might Accidentally “Like” Clickjacking Worm

A documented feature in Facebook became a security breach these days: a transparent iFrame placed exactly on the “like” button redirects users to various Web pages hosted on the blogspot.com free blogging platform. This attack uses a technique widely known under the name clickjack.



Clickjacking is an old method that (as its name stands for) hijacks user’s mouse clicks on a page in order to force ill-intentioned web activities. A hidden or transparent iframe is placed on top of a legitimate button which is most likely known by users. Once they click what they know to be there - usually a message box - they are immediately redirected to a different page and asked to fill in forms, confirm their credentials, answer some questions or further click other links. Of course, this page looks legit and trustworthy so that the unwary Internet user has no idea what happened.

Social networking platforms are mostly targeted by this kind of attacks. The explanation is simple: a lot of people use them for socialization reason; hence their popularity. Moreover, the extensive database of such a community lures a significant number of cybercriminals inciting their ill-intentioned creativity.

The most recent Facebook clickjacker blends the documented feature of registering an anonymous "like" button without adding extra security checks with highly enticing comments, such as those depicted below:.

"LOL This girl gets OWNED after a POLICE OFFICER reads her STATUS MESSAGE.", "This man takes a picture of himself EVERYDAY for 8 YEARS!!", "The Prom Dress That Got This Girl Suspended From School.""This Girl Has An Interesting Way Of Eating A Banana, Check It Out!"

Upon clicking the infamous “like” button, users access transparent iframe which sends them towards various blogspot.com-hosted web pages. In some cases, they reach an apparently blank page with a “click here to continue” message or they are asked to fill in a questionnaire. Due to Facebook’s popularity and their extensive user base, this social networking service has become not only a preferred target of information harvesters, but also the favorite playground for commercial purposes (such as disseminating adware, making users click on ads or filling in forms). Now imagine that each form filled by the unwary Facebook user brings the hijacker a specific revenue times the number of lured users and you’ll see why clickjacking is that popular.

Click Computers – Computer Repair Utah
Click Computers is Utah’s Onsite Computer Repair Specialists for your Home and Business.