Tab nabbing: an ingenious phishing vector

Aza Raskin found a clever way to phish users' credentials. The idea consits of waiting until a visitor switches tabs to replace the favicon and page content with a fake site.

You can try the attack by visiting . After loading the page, switch tabs for a few seconds and then go back to Aza's site.

You can avoid falling for this attack by: