Tabjacking: a new and ingenious phishing attack
That's exactly what 'tabjacking' does. Open Aza Raskin's proof of concept in a new tab. Admire the sample code. Now, change tabs, wait five seconds, and then watch in horror as his site seemingly becomes GMail.
If you're like me, I always check the address bar before typing a sensitive password. I'm not actually sure what I'll do, now that tabjacking code is in the wild.
As Aza says, it's high time we move to browser-based authentication solutions like the Firefox Account Manager.