Definition
Tabnabbing is a cyber exploit and phishing tactic that bad actors use to manipulate idle web pages that users leave open. If you leave a legitimate site open, an attacker can exploit your inattention to redirect the site to a malicious one they control.
Once you open the malicious site, the attacker will trick you into inputting your login credentials and other private information, with you believing that you’re on the legitimate site.
Like other phishing methods, the attacker will deploy a tabnabbing attack by sending links to malicious websites through email, messages, or other avenues.
Tab nabbing is more difficult to protect against than other phishing techniques because it doesn’t involve the user clicking a malicious link. Instead, the user has done everything correctly. However, the attacker has already compromised the website and is waiting for the user to click on it.
Preventing Tabnabbing Attacks
- Minimize the number of web pages open concurrently.
- Use different windows for different tabs. For example, you can open your work tabs in one window and another for other tabs.
- Confirm the website’s URL legitimacy if you notice anything suspicious.
- Check for spelling mistakes and suspicious layouts and fonts of a website.