Over 900 victims in Singapore fall prey to online-banking malware: Report [views 10084]

Google Maps helps him find his parents [views 2445]

Secure your text messages with locally developed app [views 1529]

Yahoo! confirms Tumblr deal for $1.38 billion [views 932]

Fake headphones hawked at major IT fair [views 609]

Contribute

User can contribute their views, questions and photos here.

Samsung Galaxy S4 LTE SmartphoneInitial sales figures show that consumers have taken to the S4. And this is what really matters.

read more

p;log online photo scrapbookingThis is a great local service for digital scrapbooking and personalised gift ideas, with fast printing time and responsive customer service.

read more
Your identity’s been ‘tab-napped’
Fraudsters are replacing inactive webpages with a fake page to get at your login details.
By Gwendolyn Ng,
15-06-10
0 comment

YOU want to pay bills online and decide to load your bank's login page in one of the multiple tabs opened in your Web browser.

You switch to another tab for a few seconds, and when you return to the bank's site it looks exactly like how you left it.

So you happily enter your login details and, before you know it, you've been "tabnapped".

Beware tab-napping, a sly tactic fraudsters are now using to phish for personal information by replacing an inactive webpage with a fake page.

Phishing is the act of stealing sensitive information by posing as a legitimate source.

Tab-napping was highlighted last month by Mr Aza Raskin, creative head of Mozilla Firefox, in a blog post that demonstrated how scammers attack unsuspecting users.

For instance, when you navigate away from his website to another tab and then return to the site, the screen switches to an innocent- looking Gmail login page.

Information-technology experts my paper spoke to identified JavaScript, a type of programming language, as the culprit behind tab-napping.

Mr David Hall, regional consumer- product marketing manager (Asia-Pacific) of security firm Symantec, said: "When someone visits a page that contains malicious JavaScript, the script can check the person's browsing history to determine the usual websites he visits.

"The script waits for a predetermined period of inactivity before changing the display of the inactive tab to resemble the webpage of one of those sites and asks for login credentials."

Mr Raskin added that some scammers go a step further by tricking users into re-authenticate their login details, ostensibly to reactivate an expired session.

He warned that such re-authentication happens often on bank websites, making them "even more susceptible to this kind of attack".

While financial websites are often targets, users of popular social- networking site Facebook should beware as it is fast becoming a favourite phishing target.

Mr Paul Ducklin, head of technology (Asia-Pacific) of IT security firm Sophos, said the easiest way to avoid these scammers is to open the bank site in a tab of its own only when you want to start banking.

He said: "That way, there is never a hidden tab in which the bad guys can change things in the background.

"Likewise, close your browser when you have finished a transaction... There will then be no 'trusted tabs' left behind to confuse you in the future."


For more my paper stories click here.

Comments
No comments
Post comments
Login

Expat blogger calls Singaporeans stupid

March 27, 2013 08:53 AM
228 comments

Molested? You asked for it

February 08, 2013 08:16 AM
178 comments

Fee hike for Cable TV; Sports viewers hardest hit

January 12, 2008 07:47 PM
141 comments

Nearly here: the next wave of mobile revolution

November 30, 2012 10:17 AM
97 comments