TabShots: Client-side detection of tabnabbing attacks

ASIA CCS 2013 - Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security

Volumn , Issue , 2013, Pages 447-455

  De Ryck, Philippe ^a   Nikiforakis, Nick ^a   Desmet, Lieven ^a   Joosen, Wouter ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

Author keywords

client side protection; phishing; tabnabbing

Indexed keywords

ANTI-PHISHING; CLIENT SIDES; EXPERIMENTAL EVALUATION; LOG-IN PAGE; PHISHING; SECURITY AND PRIVACY; TABNABBING; WEB APPLICATION;

COMPUTER CRIME;

SECURITY OF DATA;

EID: 84877967533     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2484313.2484371     Document Type: Conference Paper

References (24)

1. E. Adler. Tabnabbing without JavaScript. http://blog.eitanadler.com/2010/ 05/tabnabbing-without-javascript.html.
2. N. Agarwal, S. Renfro, and A. Bejar. Yahoo!'s Sign-in Seal and current anti-phishing solutions.
3. AOL acts to thwart hackers. http://simson.net/clips/1995/95.SJMN.AOL- Hackers.html.
4. R. Dhamija and J. D. Tygar. The battle against phishing: Dynamic security skins. In Proceedings of the 2005 symposium on Usable privacy and security, SOUPS '05, pages 77-88, New York, NY, USA, 2005. ACM.
5. R. Dhamija, J. D. Tygar, and M. Hearst. Why phishing works. In Proceedings of the SIGCHI conference on Human Factors in computing systems, CHI '06, pages 581-590, New York, NY, USA, 2006. ACM.
6. P. Dubroy. How many tabs do people use? (Now with real data!). http://dubroy.com/blog/how-many-tabs-do-people-use-now-with-real-data/.
7. S. Egelman, L. F. Cranor, and J. Hong. You've been warned: an empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI conference on Human factors in computing systems, CHI '08, pages 1065-1074, New York, NY, USA, 2008. ACM.
8. D. Jang, R. Jhala, S. Lerner, and H. Shacham. An empirical study of privacy-violating information flows in JavaScript Web applications. In Proceedings of CCS 2010, pages 270-83. ACM Press, Oct. 2010.
9. J. Leyden. Hackers break onto White House military network. http://www.theregister.co.uk/2012/10/01/white-house-hack/.
10. L. Masinter. The "data" url scheme. 1998.
11. N. Nikiforakis, A. Makridakis, E. Athanasopoulos, and E. P. Markatos. Alice, What Did You Do Last Time? Fighting Phishing Using Past Activity Tests. In Proceedings of the 3rd European Conference on Computer Network Defense (EC2ND), volume 30, pages 107-117, 2009.
12. NoScript - JavaScript/Java/Flash blocker for a safer Firefox experience! http://noscript.net/.
13. PhishTank | Join the fight against phishing. http://www.phishtank.com.
14. A. Raskin. Tabnabbing: A new type of phishing attack. http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/.
15. Safe Browsing API - Google Developers. https://developers.google.com/ safe-browsing/.
16. D. R. Sandler and D. S. Wallach. 〈input type= "password"〉must die! In Proceedings of W2SP 2008: Web 2.0 Security & Privacy 2008, Oakland, CA, May 2008.
17. SiteKey Security from Bank of America. https://www.bankofamerica.com/ privacy/online-mobile-banking-privacy/sitekey.go.
18. StatCounter. Screen resolution alert for web developers.
19. R. K. Suri, D. S. Tomar, and D. R. Sahu. An approach to perceive tabnabbing attack. In Internation Journal of Scientific & Technology Research, volume 1, 2012.
20. S. Unlu and K. Bicakci. Notabnab: Protection against the "tabnabbing attack". In eCrime Researchers Summit (eCrime), 2010, pages 1-5, oct. 2010.
21. Z. Weinberg, E. Y. Chen, P. R. Jayaraman, and C. Jackson. I still know what you visited last summer: Leaking browsing history via user interaction and side channel attacks. In Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP '11, pages 147-161, 2011.
22. L. Wenyin, G. Huang, L. Xiaoyue, Z. Min, and X. Deng. Detection of phishing webpages based on visual similarity. In Special interest tracks and posters of the 14th international conference on World Wide Web, WWW '05, pages 1060-1061, New York, NY, USA, 2005. ACM.
23. M. Wu, R. C. Miller, and S. L. Garfinkel. Do security toolbars actually prevent phishing attacks? In Proceedings of the SIGCHI conference on Human Factors in computing systems, CHI '06, pages 601-610, New York, NY, USA, 2006. ACM.
24. Y. Zhang, J. I. Hong, and L. F. Cranor. Cantina: a content-based approach to detecting phishing web sites. In Proceedings of the 16th international conference on World Wide Web, WWW '07, pages 639-648, New York, NY, USA, 2007. ACM.