Cyber Security Training & Software for Companies | MetaCompliance

What Is Tabnabbing and How Does It Work?


Have you heard of tabnabbing? It is a form of phishing that manipulates web pages with the intent of stealing your personal data. Read on to find out how you can protect yourself and your company from such attacks.

What Is Tabnabbing?

Tabnabbing is a cunning cyber attack method where a malicious website quietly alters the content of an inactive browser tab to mimic a legitimate site, tricking users into divulging sensitive information or performing unintended actions. This technique preys on users’ trust in their open tabs, exploiting the assumption that they remain unchanged when not in focus. When users switch back to the tampered tab, they may unknowingly input credentials or engage in transactions, providing attackers with valuable data or control over their accounts.

Like other varieties of phishing, tabnabbing is a form of fraud that targets users for a variety of reasons, ranging from identity theft or installing malware to the looting of accounts. But how exactly does it work?

Let’s say you have several tabs open in your browser. This is a regular occurrence for most of us, especially at work. A pop-up window appears, which you might click on and just as quickly forget about. You then proceed from one website to the next without closing the previous tab. Very often, old tabs remain open for several days. This gives hackers enough time to make a copy of the inactive page. Once you are busy in the new tab, the hacker can begin the attack: the inactive tab is redirected to a malicious site that duplicates the website it was showing.

If you then switch back to the old tab, you might not even realise that you are on a completely different page, because the two look almost identical. This makes the method incredibly effective for obtaining sensitive data.

Examples of Tabnabbing

There are many ways to carry out a tabnabbing attack. As mentioned, this can be achieved when several tabs are open (especially when open over a more extended period of time), resulting in various inactive websites. This allows hackers to copy one of these inactive pages and create a redirect to another page. Additionally, there is another method whereby redirects are achieved via advertisements on a website or a specially designed pop-up. Such an attack could work in the following way:

  1. A user is on a website (e.g. a social media site such as Facebook). Social media sites are often used for such attacks, as it is very easy to share malicious links. Since users believe they are in a protected space where they only see content from friends and relatives, they are less aware of the risks and thus more susceptible to these attacks.
  2. On the Facebook homepage, various posts are displayed. There is also an advertisement that leads to a cheap deal or another product that our example user is interested in. Without overthinking, they click on the link, which leads to the supposed deal or product.
  3. Then, the old tab on which Facebook is open becomes inactive. As long as the user is browsing the page with the supposed deal, hackers have enough time to create a copy of the Facebook page and set up a redirect.
  4. If the user now selects the Facebook tab again, they are no longer on their Facebook page but on a malicious copy.
  5. Here, the user is asked to enter their login data again, under the pretence that they have been inactive for too long, for example. Of course, the user does not consciously think about it and carelessly enters their login data. This enables the hackers to acquire the login data and obtain a lot of additional information about the user.
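
The link-click scenario in the steps above is commonly carried out through the reference a newly opened tab keeps to the tab that opened it (window.opener). As an added example (not code from the original article), this site-owner-side check flags links that open a new tab or window without rel="noopener" and rewrites them; the function names, sample markup and domains are constructed for illustration.

```javascript
// Added example: find links that open a new tab/window without dropping the
// opener reference. Regex scan for illustration; use an HTML parser in a build.
const ANCHOR_RE = /<a\b[^>]*>/gi;
const SAME_CONTEXT = new Set(['_self', '_parent', '_top']);

// Read one attribute value (double-quoted, single-quoted or bare) from a tag.
function getAttr(tag, name) {
  const re = new RegExp(`\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, 'i');
  const m = tag.match(re);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

// True when the link targets a new browsing context (_blank or a named window).
function opensNewContext(tag) {
  const target = getAttr(tag, 'target');
  return Boolean(target) && !SAME_CONTEXT.has(target.toLowerCase());
}

// rel="noopener" (or "noreferrer", which implies it) leaves window.opener null.
function dropsOpener(tag) {
  const rel = (getAttr(tag, 'rel') || '').toLowerCase().split(/\s+/);
  return rel.includes('noopener') || rel.includes('noreferrer');
}

// Return the tag with noopener added, keeping any existing rel tokens.
function hardenTag(tag) {
  if (!opensNewContext(tag) || dropsOpener(tag)) return tag;
  const rel = getAttr(tag, 'rel');
  if (rel === null) return tag.replace(/\s*>$/, ' rel="noopener">');
  const merged = [...rel.split(/\s+/).filter(Boolean), 'noopener'].join(' ');
  return tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/i, ` rel="${merged}"`);
}

// Scan markup; return the risky tags found and the hardened markup.
function auditHtml(html) {
  const findings = [];
  const hardened = html.replace(ANCHOR_RE, (tag) => {
    const fixed = hardenTag(tag);
    if (fixed !== tag) findings.push(tag);
    return fixed;
  });
  return { findings, hardened };
}

// Constructed sample markup (placeholder domains, not from any real site).
const SAMPLE = [
  '<a href="https://deals.example/offer" target="_blank">Cheap deal</a>',
  '<a href="https://partner.example/" target="_blank" rel="nofollow">Partner</a>',
  '<a href="https://docs.example/" target="_blank" rel="noopener">Docs</a>',
  '<a href="/profile">Profile</a>',
  "<a href='https://shop.example/' target='promo'>Shop</a>",
].join('\n');
console.log(auditHtml(SAMPLE).findings);
```

Current major browsers already treat target="_blank" as implying noopener, but named targets such as target='promo' still hand over the opener, which is why the scan flags them as well.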

How Dangerous Is Tabnabbing?

Phishing – in whatever form – is a massive threat to companies and costs them a lot of money. RiskIQ says that cybercrime costs companies worldwide about $1.8 million per minute. Not all of this is directly attributed to phishing or tabnabbing, but it is a part of it. Tabnabbing is particularly dangerous because it is not as well-known as an attack method, unlike traditional phishing emails. Even more concerning, it is not as apparent to the untrained eye that an attack is taking place. Considering the financial and reputational damage that phishing emails can cause companies, it is easy to imagine the risks that can also arise through tabnabbing. According to Cisco’s Cyber Security Support, in 2021, at least one employee in 86% of all companies clicked on a phishing email link, thus demonstrating how high the risk of cybercrime really is. Cybercriminals do not discriminate: these attacks can affect both individuals and companies at any time.

How Do You Protect Yourself from Tabnabbing?

There are some simple rules you can apply in your business to protect yourself from tabnabbing:

  1. Keep only a few tabs open. This tip is a simple yet very effective protection method. In fact, it is much easier to open a new tab than to find the right one in a multitude of already open ones.
  2. Check the address bar. If something seems strange or you are requested to enter your data again, check the web address in the address bar. By doing so, you can immediately determine whether you are still on the original website or a malicious copy.
  3. Check the content of the page carefully. Even though hackers are very good at copying websites, they rarely do everything perfectly. Sometimes the design looks different; other times, there are spelling mistakes or strange wording.

But the most important tip is to undertake continuous security awareness training and promote awareness in your company. After all, employee ignorance of these issues is still the biggest problem when it comes to the various risks relating to tabnabbing or other cyberattacks. Explore how our Cyber Training Awareness Program for Employees can bolster your organisation’s defences against tabnabbing and various other online threats.
