Instead of posting this on my blog, I thought it would be better if I did it here for the simple reason that this site is read way more in one day than what my blog would in one year.
Read in detail here:
Tabnabbing is a new type of phishing. The following is an excerpt taken from that site:
How The Attack Works
1. A user navigates to your normal looking site.
2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.
It works in Firefox and partially in Chrome, but other browsers may be targeted too.
You can test this on his site (I still recommend reading the whole article), just change tabs and wait for about 5 seconds, go back and you'll see his site change to be a Google login page (actually it's a screenshot, but you get the point).
Whenever you're asked to enter your credentials or "re authenticate your session" *always* check your address bar and see if the URL is correct. If it is not, clear your history, delete your cookies, close your browser and start a new session.
The blog I need help with is csswiz.wordpress.com.
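
The advice above relies on the user noticing the change. As an added example (not part of the original post or the quoted article), the same check can be automated in a userscript or extension content script: record the tab's title and favicon when it goes to the background and compare them on return. The function names and the warning rule are assumptions made for this sketch.

```javascript
// Added example: flag a tab whose identity changed while it was in the background.
// snapshotTab, tabnabSignals, shouldWarn and watchTab are hypothetical names.

// Capture the cues the excerpt says users rely on, plus whether a login form exists.
function snapshotTab(doc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : '',
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the snapshot taken when the tab was hidden with the one taken on return.
function tabnabSignals(before, after) {
  const signals = [];
  if (before.title !== after.title) signals.push('title-changed');
  if (before.favicon !== after.favicon) signals.push('favicon-changed');
  if (!before.hasPasswordField && after.hasPasswordField) signals.push('login-form-appeared');
  return signals;
}

// Legitimate pages also retitle themselves in the background (unread counts),
// so warn only when a login form appeared together with a changed title or favicon.
function shouldWarn(signals) {
  return signals.includes('login-form-appeared') &&
    (signals.includes('title-changed') || signals.includes('favicon-changed'));
}

// Browser wiring: snapshot on hide, compare on show, report through onWarn.
function watchTab(doc, onWarn) {
  let before = null;
  doc.addEventListener('visibilitychange', () => {
    if (doc.visibilityState === 'hidden') {
      before = snapshotTab(doc);
    } else if (before) {
      const signals = tabnabSignals(before, snapshotTab(doc));
      if (shouldWarn(signals)) onWarn(signals);
      before = null;
    }
  });
}

// Only attach when running inside a page; the functions above are pure otherwise.
if (typeof document !== 'undefined') {
  watchTab(document, (signals) => console.warn('Tab changed while hidden:', signals));
}
```

A warning from this check is a prompt to look at the address bar, not proof of phishing; the URL comparison described in the post remains the deciding test.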