The attack goes like this:
1. A user navigates to a normal looking site.
2. The page detects when the page has lost its focus and hasn’t been interacted with for a while.
4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
5. After the user has entered their login details the information is stored by the attacker and the user is then redirected back to Gmail. Because the user never actually logged out of gmail it will appear as if the login was successful and the user is none the wiser.
Be careful out their, 'tis a jungle