New security research is shining a light on an attack technique that can be used to trick users into entering their personal information on phishing sites.
Raskin’s proof-of-concept attack takes advantage of users who keep multiple tabs open. If the user visits a malicious site or one that has been compromised, the attacker can silently change the contents and label of an open, inactive tab to resemble the log-in screen of another site, such as Google Gmail.