
Tabnapping

I just came across a new phishing method called tabnapping. It affects browsers that use tabs, including IE7+, Firefox and the latest version of Chrome, v6 (earlier versions of Chrome do not change the favicon). The basics of how it works are quite simple: a website, which could be either malicious or compromised, has a small piece of JavaScript included in it. This script fires when the user switches to another tab; then, in the background, it changes the page title, favicon and page content to look like a standard login page, commonly Google, MSN or a banking site (the script can use your browser history to detect which ones you commonly visit). When the user clicks back on the tab, they see the login page, and if they enter their login details they are redirected to the real Google, MSN, Facebook or banking site and are none the wiser. The phishing code then sends the login details to the attackers, who can use them to gain access to your private data. The page content can also change if the script detects that there has been no activity on the page for a while, e.g. if you go off to make a cup of tea.

There are a few ways to detect this sort of activity. One is to install a JavaScript blocker like NoScript (although there are ways to do tabnapping on Firefox even with NoScript installed). Another is just to use common sense, e.g. check the URL at the top of the page when you see the login screen, close windows when you are not using them, change passwords regularly, and only type important passwords in browser windows that you have opened.
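The behaviour described above (title, favicon or page body rewritten while the tab is hidden, or after a period of idleness) is something a browser extension can watch for. The following is an added example, not code from the original post: a pure classifier that runs over a constructed event log, plus a hypothetical content-script hook (`installMonitor`) that feeds real DOM events into it when a `document` exists.

```javascript
// Added example (not from the original post): a content-script style monitor for
// tabnapping behaviour. Log entries use a constructed format:
//   { t, type: 'visibility', hidden: true|false }
//   { t, type: 'activity' }                              // keypress / pointer event
//   { t, type: 'mutation', target: 'title'|'favicon'|'body'|'head' }
const SENSITIVE = new Set(['title', 'favicon', 'body']);

// Pure classifier: flags sensitive rewrites that happen while the tab is hidden,
// or after the user has been idle on a visible tab for at least idleMs.
function classifyTabnabbing(log, idleMs = 60000) {
  const reasons = [];
  let hidden = false;
  let lastActivity = log.length ? log[0].t : 0;
  for (const e of log) {
    if (e.type === 'visibility') {
      hidden = e.hidden;
      if (!hidden) lastActivity = e.t;            // returning to the tab resets idle
    } else if (e.type === 'activity') {
      lastActivity = e.t;
    } else if (e.type === 'mutation' && SENSITIVE.has(e.target)) {
      if (hidden) reasons.push(`${e.target} rewritten while tab hidden (t=${e.t})`);
      else if (e.t - lastActivity >= idleMs)
        reasons.push(`${e.target} rewritten after ${e.t - lastActivity} ms idle (t=${e.t})`);
    }
  }
  return { suspicious: reasons.length > 0, reasons };
}

// Browser hook (hypothetical helper): feeds real DOM events into the classifier.
// Caveat: a legitimate page that updates its title while hidden (unread counts) is
// flagged too, and a favicon swapped in by inserting a new <link> only shows up as
// a generic 'head' change, which the classifier ignores.
function installMonitor(report) {
  const log = [];
  const push = (e) => { log.push({ t: Date.now(), ...e }); report(classifyTabnabbing(log)); };
  document.addEventListener('visibilitychange', () => push({ type: 'visibility', hidden: document.hidden }));
  for (const n of ['keydown', 'pointerdown']) document.addEventListener(n, () => push({ type: 'activity' }), true);
  new MutationObserver((records) => {
    for (const r of records) {
      const el = r.target.nodeType === 1 ? r.target : r.target.parentElement;
      if (!el) continue;
      let target = 'body';
      if (el.closest('title')) target = 'title';
      else if (el.closest('head')) target = el.matches('link[rel~="icon"]') ? 'favicon' : 'head';
      push({ type: 'mutation', target });
    }
  }).observe(document.documentElement, { subtree: true, childList: true, characterData: true, attributes: true });
  return log;
}
if (typeof document !== 'undefined') installMonitor((r) => { if (r.suspicious) console.warn('possible tabnabbing:', r.reasons); });
```

Run as an extension content script it warns in the console on a hidden-tab rewrite; the classifier alone can be exercised with a hand-built log.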

Since this is a JavaScript exploit, there are no patches that browsers can apply to block it automatically: JavaScript is used on most of the websites we visit. The only way this threat can be tackled is through user behaviour and anti-phishing efforts by the search engines and anti-spyware software.

Categories: General. 09 August 2010
