Contribute

User can contribute their views, questions and photos here.

Creative Sound BlasterAxx AXX 200With audio quality that matches the competition, the unexpected extras of the AXX 200 put it ahead of the competition.

Samsung Galaxy Note ProYou can easily get a better-performing laptop at this price, but a laptop will not have plenty of the features which you will find on the Samsung Galaxy Note Pro.

Your identity’s been ‘tab-napped’
Fraudsters are replacing inactive webpages with a fake page to get at your login details.
0 comment

YOU want to pay bills online and decide to load your bank's login page in one of the multiple tabs opened in your Web browser.

You switch to another tab for a few seconds, and when you return to the bank's site it looks exactly like how you left it.

So you happily enter your login details and, before you know it, you've been "tabnapped".

Beware tab-napping, a sly tactic fraudsters are now using to phish for personal information by replacing an inactive webpage with a fake page.

Phishing is the act of stealing sensitive information by posing as a legitimate source.

Tab-napping was highlighted last month by Mr Aza Raskin, creative head of Mozilla Firefox, in a blog post that demonstrated how scammers attack unsuspecting users.

For instance, when you navigate away from his website to another tab and then return to the site, the screen switches to an innocent- looking Gmail login page.

Information-technology experts my paper spoke to identified JavaScript, a type of programming language, as the culprit behind tab-napping.

Mr David Hall, regional consumer- product marketing manager (Asia-Pacific) of security firm Symantec, said: "When someone visits a page that contains malicious JavaScript, the script can check the person's browsing history to determine the usual websites he visits.

"The script waits for a predetermined period of inactivity before changing the display of the inactive tab to resemble the webpage of one of those sites and asks for login credentials."

Mr Raskin added that some scammers go a step further by tricking users into re-authenticate their login details, ostensibly to reactivate an expired session.

He warned that such re-authentication happens often on bank websites, making them "even more susceptible to this kind of attack".

While financial websites are often targets, users of popular social- networking site Facebook should beware as it is fast becoming a favourite phishing target.

Mr Paul Ducklin, head of technology (Asia-Pacific) of IT security firm Sophos, said the easiest way to avoid these scammers is to open the bank site in a tab of its own only when you want to start banking.

He said: "That way, there is never a hidden tab in which the bad guys can change things in the background.

"Likewise, close your browser when you have finished a transaction... There will then be no 'trusted tabs' left behind to confuse you in the future."


For more my paper stories click here.

Comments
No comments
Post comments
Login

Expat blogger calls Singaporeans stupid

November 21, 2013 05:39 PM
238 comments

The advantages and disadvantages of online friends

June 26, 2013 01:59 PM
168 comments

My first iPhone

January 03, 2014 01:46 AM
157 comments

SingTel, M1 & Starhub users experience outage after fire at SingTel building

October 16, 2013 11:35 PM
120 comments