Tabnabbing is a type of phishing attack and cyber exploit in which bad actors manipulate inactive web pages that users leave open in their browsers. When the tab of a legitimate site is left open, attackers take advantage of the user's inattention to redirect that tab to a malicious site that they control. Once the user is on the malicious site, the attacker tricks them into typing in their login credentials and other personal information, while the user believes that they are still on the legitimate site.
Tabnabbing attacks are usually delivered by sending users links to malicious websites via email, message, or other channels, similar to traditional phishing attacks. Tabnabbing is a bit harder to guard against than other phishing attacks because it doesn’t involve the user making a mistake and clicking a malicious link. Rather, the user has done everything correctly. With tabnabbing, however, the hacker has already manipulated the website and is waiting for the user to click on it.
Preventing tabnabbing attacks
- Try to reduce the number of tabs you have open at a time.
- Separate your tabs into different windows. For instance, keep your work tabs open in one window while using a different window for other tabs you need.
- If you notice that a site’s content has changed without you doing anything, check the address bar to see whether the URL is different.
- Carefully examine the page and look for spelling mistakes and unusual layouts that do not match the site as you know it.
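
The address-bar check above can also be automated. The following is an added example, not code from the original page: it walks a log of tab events and reports every tab that moved to a different site while it was in the background. The event shape (t, type, tabId, url) and all sample URLs are constructed assumptions, not a real browser API.

```javascript
// Constructed sample events; the {t, type, tabId, url} shape is an assumption
// made for this example, not a real browser API. t is seconds since start.
const SAMPLE_EVENTS = [
  { t: 0,   type: "navigate", tabId: 1, url: "https://mail.example.com/inbox" },
  { t: 1,   type: "activate", tabId: 1 },
  { t: 60,  type: "navigate", tabId: 2, url: "https://news.example.org/story" },
  { t: 61,  type: "activate", tabId: 2 },
  // Foreground tab changes site: the user is looking at it, so no alert.
  { t: 90,  type: "navigate", tabId: 2, url: "https://shop.example.net/" },
  // Background tab reloads within the same site: no alert.
  { t: 300, type: "navigate", tabId: 1, url: "https://mail.example.com/inbox?r=1" },
  // Background tab lands on a different site: this is the tabnabbing pattern.
  { t: 900, type: "navigate", tabId: 1, url: "https://mail-example.login.test/signin" },
];

// Scheme + host + port of a URL, or null when the URL cannot be parsed.
function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; }
}

// Returns one alert per navigation that moved a background tab to a new origin.
function findBackgroundSiteChanges(events) {
  const lastOrigin = new Map(); // tabId -> origin of the page last loaded there
  let activeTab = null;         // tab the user is currently looking at
  const alerts = [];
  for (const ev of events) {
    if (ev.type === "activate") {
      activeTab = ev.tabId;
    } else if (ev.type === "close") {
      lastOrigin.delete(ev.tabId);
      if (activeTab === ev.tabId) activeTab = null;
    } else if (ev.type === "navigate") {
      const origin = originOf(ev.url);
      if (origin === null) continue; // unparsable URL: nothing to compare
      const prev = lastOrigin.get(ev.tabId);
      if (prev !== undefined && prev !== origin && ev.tabId !== activeTab) {
        alerts.push({ t: ev.t, tabId: ev.tabId, from: prev, to: origin });
      }
      lastOrigin.set(ev.tabId, origin);
    }
  }
  return alerts;
}

console.log(findBackgroundSiteChanges(SAMPLE_EVENTS));
```

A background change of site can also be legitimate, for example when an expired session redirects to a separate sign-in domain, so an alert is a prompt to check the address bar rather than proof of an attack.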