requests sensitive personal data. And, to counter those, attackers often use tabnabbing which is much more stealthy and difficult to detect.
How to prevent tabnabbing?
Tabnabbing is undoubtedly very stealthy, but with proper precautions, we can always safeguard ourselves from this attack.
- Before logging in to or providing sensitive data to any website, look at the address bar of the browser. Make sure the URL is proper, and the website uses HTTPS with a proper digital certificate. You can click on the lock icon on the left side of a URL in the address bar to get more information on the website’s ownership and the digital certificate used.
- Do not allow scripts on a webpage if the webpage is not trusted. You can use several browser plugins for that purpose. For example, NoScript is a Firefox extension that can effectively prevent tabnabbing. It can prevent JavaScript from running from an untrusted website and prevent certain scriptless attacks based on meta refresh.
The above article gives a brief overview of tabnabbing. Interested readers who want to know more about how attackers use different techniques in a phishing scam may want to refer to the book Phishing: Detection, Analysis, And Prevention.
0 Comments