http://simonwillison.net/2010-05-25T15:20:00+00:00Simon Willison2010-05-25T15:20:00+00:002010-05-25T15:20:00+00:00https://simonwillison.net/2010/May/25/phishing/#atom-tag

<p><strong><a href="http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/#">A New Type of Phishing Attack</a></strong></p> Nasty trick from Ava Raskin—detect when your evil phishing page loses focus (when the user switches to another tab, for example), then replace the page content with a phishing UI from a site such as Gmail. When the user switches back they’re much less likely to bother checking the URL. Combine with CSS history sniffing to only show a UI for a site that you know the user has visited. Combine that with timing tricks to only attack sites which the user is currently logged in to. <p>Tags: <a href="https://simonwillison.net/tags/phishing">phishing</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/recovered">recovered</a>, <a href="https://simonwillison.net/tags/azaraskin">azaraskin</a></p>