What is tabnabbing?
Tabnabbing is a technique attackers use to carry out phishing attacks. It exploits a user's trust and inattention when many tabs are open in a browser, and it can deceive the victim into submitting credentials or other sensitive data on a page the attacker controls.
The attack was first described by Mozilla Firefox creative lead Aza Raskin and has since become a recognised phishing technique.
How does tabnabbing work?
Tabnabbing usually works in the following way:
- A user opens a malicious website along with multiple other tabs in the browser.
- The malicious website runs a script that detects when its tab has become inactive. This usually happens when the user switches to another tab and leaves the page unattended for some time.
- Once that condition is met, the script rewrites the entire contents of the page in the tab where the malicious website was opened.
- For example, the page can replace itself with a fake page that looks identical to the Facebook login page.
- To evade detection, the script can also change the page title shown in the tab and the favicon, the small image displayed to the left of the title.
- When the user returns to his open browser, he usually relies on the favicon and the webpage title to determine what tabs he has opened.
- In our case, when the user comes back and looks at his browser, he sees the Facebook login page opened in one of the tabs. He may rely on the title and favicon and fail to notice other signs of this phishing attack.
- If the user now provides his credentials to the fake Facebook page, the credentials and other sensitive personal data will be stolen by the criminals.
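The steps above give a defender something concrete to check for: the tab's title or favicon changing while the tab was hidden, and a credential prompt appearing at the same time. The following is an added example, not code from the original article, of a content script (for instance in a browser extension) that snapshots a tab's identity at load and compares it when the user returns; the function names and the snapshot fields are assumptions for this example.

```javascript
// Added example (not from the original article): snapshot a tab's identity at
// load and re-check it when the tab becomes visible again. Field names are
// assumptions; takeSnapshot needs a DOM, assessTabState is pure and testable.

// Snapshot shape: { href, title, favicon, hasPasswordField }
function takeSnapshot(doc, loc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    href: loc.href,
    title: doc.title,
    favicon: icon ? icon.href : null,
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
  };
}

// Compare the snapshot taken at load with the one taken when the user returns.
// Only changes that happened while the tab was hidden count: a change the user
// watched happen (wasHidden === false) is not tabnabbing.
// Returns { suspicious, reasons }.
function assessTabState(atLoad, onReturn, wasHidden) {
  const reasons = [];
  if (!wasHidden) return { suspicious: false, reasons };
  if (atLoad.title !== onReturn.title) reasons.push('title changed while hidden');
  if (atLoad.favicon !== onReturn.favicon) reasons.push('favicon changed while hidden');
  if (atLoad.href !== onReturn.href) reasons.push('location changed while hidden');
  const credentialPromptAppeared = !atLoad.hasPasswordField && onReturn.hasPasswordField;
  if (credentialPromptAppeared) reasons.push('password field appeared while hidden');
  // A title change alone is normal for many web apps. The article's pattern is a
  // changed identity (title or favicon) combined with a new login form, so only
  // that combination is flagged as suspicious.
  const identityChanged = atLoad.title !== onReturn.title || atLoad.favicon !== onReturn.favicon;
  return { suspicious: identityChanged && credentialPromptAppeared, reasons };
}

// Browser wiring: runs only where a DOM exists (e.g. as an extension content script).
function installTabnabbingWatch(doc, win) {
  const atLoad = takeSnapshot(doc, win.location);
  let wasHidden = false;
  doc.addEventListener('visibilitychange', () => {
    if (doc.hidden) { wasHidden = true; return; }
    const verdict = assessTabState(atLoad, takeSnapshot(doc, win.location), wasHidden);
    if (verdict.suspicious) {
      win.console.warn('Possible tabnabbing on ' + win.location.href + ': ' + verdict.reasons.join('; '));
    }
    wasHidden = false;
  });
}
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  installTabnabbingWatch(document, window);
}
```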
Why do attackers use tabnabbing in phishing?
Traditional phishing techniques largely rely on a phishing link or a malicious attachment. If the user is educated enough, or becomes suspicious, the attack fails. For example, a user may refuse to open an attachment sent by an unknown sender, to open any untrusted links, or to respond to an email that …