eWeek: If you leave multiple tabs open while browsing, you could be leaving yourself open to a new type of phishing attack known as "tabnapping." Discovered by Mozilla's Aza Raskin, the scam works like this: First, the user visits a compromised Web site. Malware from that site determines which sites the user often visits (Gmail, Citibank, etc.). It then changes one of the browser tabs that is open but not currently in use into a fake version of one of those sites. When the user clicks on the tab and enters login credentials, the criminals can then steal the information.
The technique works on all major browsers on both Windows and OS X.