Tabnabbing: A New Type of Phishing Attack

[Source]

Just a heads up to people on a pretty clever phishing attack.  Click the link to read about it and see it working (it doesn't actually do any phishing, it just shows it working when you tab away and then goes back to the website when you click anything).

Or a video showing the above website:

A New Type of Phishing Attack from Aza Raskin on Vimeo.

 

Pretty scary because that one is pretty easy to be fooled by.




To be honest, why hasn't this been done sooner? It seems like it would be simple yet effective... unfortunately for us.



That's pretty smart.

So, if you have a bad memory, prepare to have your life fucked up.



Kimi wa ne tashika ni ano toki watashi no soba ni ita

Itsudatte itsudatte itsudatte

Sugu yoko de waratteita

Nakushitemo torimodosu kimi wo

I will never leave you

dtewi said:
That's pretty smart.

So, if you have a bad memory, prepare to have your life fucked up.

The one he shows where it's just the log in one isn't as easy to get fooled but the ones where it says your session has expired is just plain evil, especially with the CSS mining.

If you had your gmail, facebook, or bank tab open, looked at another tab for a few seconds and then saw your session timed out would you look at your address bar first?

It isn't so much about memory or being gullible, it's more about just being a really clever attack.  And yeah, it's surprising it has taken this long for someone to figure that out.

 



twesterm said:
dtewi said:
That's pretty smart.

So, if you have a bad memory, prepare to have your life fucked up.

The one he shows where it's just the log in one isn't as easy to get fooled but the ones where it says your session has expired is just plain evil, especially with the CSS mining.

If you had your gmail, facebook, or bank tab open, looked at another tab for a few seconds and then saw your session timed out would you look at your address bar first?

It isn't so much about memory or being gullible, it's more about just being a really clever attack.  And yeah, it's surprising it has taken this long for someone to figure that out.

 

This could even happen on safe sites like Google or Yahoo?



Kimi wa ne tashika ni ano toki watashi no soba ni ita

Itsudatte itsudatte itsudatte

Sugu yoko de waratteita

Nakushitemo torimodosu kimi wo

I will never leave you

dtewi said:
twesterm said:
dtewi said:
That's pretty smart.

So, if you have a bad memory, prepare to have your life fucked up.

The one he shows where it's just the log in one isn't as easy to get fooled but the ones where it says your session has expired is just plain evil, especially with the CSS mining.

If you had your gmail, facebook, or bank tab open, looked at another tab for a few seconds and then saw your session timed out would you look at your address bar first?

It isn't so much about memory or being gullible, it's more about just being a really clever attack.  And yeah, it's surprising it has taken this long for someone to figure that out.

 

This could even happen on safe sites like Google or Yahoo?

I believe so, you still have to navigate to the phishing site like normal.  The difference between this and others is instead of being a blatant phishing site, this is hidden in what could be a completely legit looking site that is only waiting for you to navigate away for a few seconds.
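
Added example, not part of the thread or of the linked demo: the address-bar check discussed above, written as the comparison a browser extension could make between a tab's state when it was hidden and its state when you come back. The snapshot field names, the `BRAND_DOMAINS` table and the sample URLs are assumptions constructed for illustration.

```javascript
// Constructed allow-list: brand keyword in a tab title -> domain allowed to use it.
const BRAND_DOMAINS = { gmail: "google.com", facebook: "facebook.com" };

// True when host is the domain itself or a subdomain of it
// (so "evilgoogle.com" does not count as "google.com").
function hostBelongsTo(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Brands named in the title that the tab's real host does not belong to.
function impersonatedBrands(title, url) {
  const host = new URL(url).hostname.toLowerCase();
  const lowered = title.toLowerCase();
  return Object.keys(BRAND_DOMAINS).filter(
    (brand) => lowered.includes(brand) && !hostBelongsTo(host, BRAND_DOMAINS[brand])
  );
}

// Compare the snapshot taken when the tab was hidden with the one taken when
// the user returns, and report changes typical of a tab rewritten in the background.
function assessTabChange(hidden, shown) {
  const findings = [];
  if (hidden.title !== shown.title) findings.push("title-changed");
  if (hidden.favicon !== shown.favicon) findings.push("favicon-changed");
  if (!hidden.hasPasswordField && shown.hasPasswordField) {
    findings.push("password-field-appeared");
  }
  const brands = impersonatedBrands(shown.title, shown.url);
  if (brands.length) findings.push("brand-mismatch:" + brands.join(","));
  // Titles change legitimately (unread counts), so warn only when a login
  // form shows up together with a new disguise or a brand/host mismatch.
  const disguised = findings.includes("title-changed") || findings.includes("favicon-changed");
  const warn = findings.includes("password-field-appeared") && (disguised || brands.length > 0);
  return { findings, warn };
}

// Constructed sample snapshots (not captured from any real site).
const hiddenSnap = { url: "https://blog.example/post", title: "Ten cooking tips",
  favicon: "/favicon.ico", hasPasswordField: false };
const shownSnap = { url: "https://blog.example/post", title: "Gmail: Email from Google",
  favicon: "/gmail-lookalike.ico", hasPasswordField: true };
const legitSnap = { url: "https://mail.google.com/mail/", title: "Inbox (3) - Gmail",
  favicon: "/favicon.ico", hasPasswordField: false };

console.log(assessTabChange(hiddenSnap, shownSnap));
```
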



Thanks for bringing this to all of our attention.



I hope nobody phishes away my vgchartz password.



Lucky for me I never bother with tabs, I just open a whole new window. It doesn't mess with that does it? OR DOES IT????



You can find me on facebook as Markus Van Rijn, if you friend me just mention you're from VGchartz and who you are here.

DAMN that's clever