What is tabnabbing and how does it work?

Have you heard of tabnabbing? It is a form of phishing that manipulates web pages intending to steal your personal data. Read on to out how you can protect yourself and your company from such attacks.

Like other varieties of phishing, tabnabbing is a form of fraud that targets users for a variety of reasons, ranging from identity theft or installing malware to the looting of accounts. But how exactly does it work?

Let’s say you have several tabs open in your browser. This is a regular occurrence for most of us, especially at work. A pop-up window will appear, which you might click on and just as quickly forget about. You then proceed from one website to the next without closing the previous tab. Very often, old tabs can remain open for several days. This gives hackers enough time to make a copy of the inactive page. If you switch back to the new tab, the hacker can begin the attack. They duplicate the website of the inactive tab, which redirects you to the malicious site.

If you were to switch back to the old tab, you might not even realise that you are on a completely different page due to them looking almost identical. This method is incredibly effective in helping hackers to obtain sensitive data.

Examples of tabnabbing

There are many ways to carry out a tabnabbing attack. As mentioned, this can be achieved when several tabs are open (especially when open over a more extended period of time), resulting in various inactive websites. This allows hackers to copy one of these inactive pages and create a redirect to another page. Additionally, there is another method whereby redirects are achieved via advertisements on a website or a specially designed pop-up. Such an attack could work in the following way:

1. A user is on a website (e.g. a social media site such as Facebook). Social media sites are often used for such attacks, as it is very easy to share malicious links. Since users believe they are in a protected space where they only see content from friends and relatives, they are less aware of the risks and thus more susceptible to these attacks.
2. On the Facebook homepage, various posts are displayed. There is also an advertisement that leads to a cheap deal or another product that our example user is interested in. Without overthinking, they click on the link, which leads to the supposed deal or product.
3. Then, the old tab on which Facebook is open becomes inactive. As long as the user is browsing the page with the supposed deal, hackers have enough time to create a copy of the Facebook page and set up a redirect.
4. If the user now selects the Facebook tab again, they are no longer on their Facebook page but on a malicious copy.
5. Here, the user is asked to enter their login data again, under the pretence that they have been inactive for too long, for example. Of course, the user does not consciously think about it and carelessly enters their login data. This enables the hackers to acquire the login data and obtain a lot of additional information about the user.

How dangerous is tabnabbing?

Phishing – in whatever form – is a massive threat to companies and costs them a lot of money. RiskIQ¹ says that cybercrime costs companies worldwide about $1.8 million per minute. Not all of this is directly attributed to phishing or tabnabbing, but it is a part of it. Tabnabbing is particularly dangerous because it is not as well-known as an attack method, unlike traditional phishing emails. Even more concerning, it is not as apparent to the untrained eye that an attack is taking place.Considering the financial and reputational damage that phishing emails can cause companies, it is easy to imagine the risks that can also arise through tabnabbing. According to Cisco’s Cyber Security Support, in 2021, at least one employee in 86% of all companies clicked on a phishing email link, thus demonstrating how high the risk of cybercrime really is. Cybercriminals do not discriminate: these attacks can affect both individuals and companies at any time.

How do I protect myself from tabnabbing?

There are some simple rules you can apply in your business to protect yourself from tabnabbing:

1. Keep only a few tabs open. This tip is a simple yet very effective protection method. In fact, it is much easier to open a new tab than to find the right one in a multitude of already open ones.
2. Check the address bar. If something seems strange or you are requested to enter your data again, check the web address in the address bar. By doing so, you can immediately determine whether you are still on the original website or a malicious copy.
3. Check the content of the page carefully. Even though hackers are very good at copying websites, they rarely do everything perfectly. Sometimes the design looks different; other times, there are spelling mistakes or strange wording.

But the most important tip is to undertake continuous security awareness training and promote awareness in your company. After all, employee ignorance of these issues is still the biggest problem when it comes to the various risks relating to tabnabbing or other cyberattacks. To help with this, we offer you our Information Security Course, in which you and your employees are trained and extensively informed about the various risks of online attacks.

_{¹www.riskiq.com/resources/infographic/evil-internet-minute-2021/}