TabShots: client-side detection of tabnabbing attacks

  • Authors:

  • Philippe De Ryck;Nick Nikiforakis;Lieven Desmet;Wouter Joosen

  • Affiliations:

  • KU Leuven, Heverlee, Belgium;KU Leuven, Heverlee, Belgium;KU Leuven, Heverlee, Belgium;KU Leuven, Heverlee, Belgium

  • Venue:
  • Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
  • Year:
  • 2013

Quantified Score

Hi-index 0.00

Visualization

Abstract

As the web grows larger and larger and as the browser becomes the vehicle-of-choice for delivering many applications of daily use, the security and privacy of web users is under constant attack. Phishing is as prevalent as ever, with anti-phishing communities reporting thousands of new phishing campaigns each month. In 2010, tabnabbing, a variation of phishing, was introduced. In a tabnabbing attack, an innocuous-looking page, opened in a browser tab, disguises itself as the login page of a popular web application, when the user's focus is on a different tab. The attack exploits the trust of users for already opened pages and the user habit of long-lived browser tabs. To combat this recent attack, we propose TabShots. TabShots is a browser extension that helps browsers and users to remember what each tab looked like, before the user changed tabs. Our system compares the appearance of each tab and highlights the parts that were changed, allowing the user to distinguish between legitimate changes and malicious masquerading. Using an experimental evaluation on the most popular sites of the Internet, we show that TabShots has no impact on 78% of these sites, and very little on another 19%. Thereby, TabShots effectively protects users against tabnabbing attacks without affecting their browsing habits and without breaking legitimate popular sites.