What Is “Tabnabbing”?

“Tabnabbing” is the term for a new kind of phishing attack. “Phishing”, as you’ll recall, is the fraudulent practice of trying to steal a user’s information by posing as a trustworthy source. Tabnabbing is the latest method being used to fool users into handing their passwords to thieves.

Tabnabbing works by exploiting the way users leave many tabs open while browsing. Malicious code on a page detects when the user has switched away from its tab and, after a set delay, changes the tab’s identifying information (such as its title and icon) into something different. The user may have opened that tab to check the latest articles from Digigasms, for example, only to find that, while he was browsing a different site in another tab, the Digigasms tab has become a tab for Gmail.

When the affected tab is clicked to bring the page back into focus, the user is presented with a site that looks just like what the tab claims to be, right down to the login fields. Assuming he simply forgot that this tab was open to that site, the user enters his username and password in an attempt to log back in. What he has really done, however, is hand his private information to the thieves behind the tabnabbing code.

Bear in mind that tabnabbing only works if the user fails to read the actual URL in the browser’s address field; while the page may look like Gmail, the URL will plainly read as something else. The referring article discusses an application that helps guard against this kind of attack. The developers behind Firefox — one of whom coined the term “tabnabbing” — are working on a built-in Account Manager that will prevent tabnabbing from working in the first place. Until then, and until other methods are in place to combat this new form of phishing, always remember to explicitly type the name of the site you want to view, or select it from a bookmark. The price of freedom is eternal vigilance, and nowhere is this more evident than on the Internet.
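The mechanism described above (a tab that rewrites its title and icon while the user is elsewhere) and the advice to check the real URL both come down to one observable fact: the tab's claimed identity changed while it was hidden, but its origin did not. The detector below, an added example and not code from the article or from Firefox, replays a log of browser events and flags exactly that pattern, reporting the real origin so a warning could show it beside the claimed identity. The event names, the log shape and the sample logs are constructed for this example; in a browser the log would be fed from the `visibilitychange` event and a MutationObserver on `<title>` and `<link rel="icon">`.

```javascript
// Added example: detect the tabnabbing pattern from a log of tab events.
// An identity change (title or icon) that happens while the tab is hidden,
// and that differs from what the page declared when it loaded, is flagged
// together with the page's real origin. Event shape is an assumption made
// for this example, not a browser API.

function detectTabnab(events) {
  let original = null;    // title/icon/origin recorded at first load
  let hiddenSince = null; // timestamp when the tab was hidden, or null if visible
  const findings = [];

  for (const ev of events) {
    switch (ev.type) {
      case 'load':
        original = { origin: ev.origin, title: ev.title, icon: ev.icon };
        break;
      case 'visibility':
        hiddenSince = ev.hidden ? ev.t : null;
        break;
      case 'title':
      case 'icon':
        // Only changes made while hidden and differing from the loaded
        // identity are suspicious; a live unread counter updated while the
        // tab is visible is normal behaviour and is not flagged.
        if (original && hiddenSince !== null && ev.value !== original[ev.type]) {
          findings.push({
            field: ev.type,
            claimed: ev.value,
            actualOrigin: original.origin,
            hiddenForMs: ev.t - hiddenSince,
          });
        }
        break;
      default:
        throw new Error(`unknown event type: ${ev.type}`);
    }
  }
  return findings;
}

// Render findings as the kind of warning a user-facing guard could show:
// the claimed identity next to the origin that actually served the page.
function describe(findings) {
  return findings.map(
    (f) => `tab now claims ${f.field} "${f.claimed}" but origin is ${f.actualOrigin}`
  );
}

// Constructed sample logs (not captured from any real site).
const benignLog = [
  { type: 'load', t: 0, origin: 'https://news.example', title: 'News', icon: '/news.ico' },
  { type: 'visibility', t: 5000, hidden: true },
  { type: 'visibility', t: 20000, hidden: false },
  { type: 'title', t: 20100, value: '(3) News' }, // unread counter, changed while visible
];

const nabbedLog = [
  { type: 'load', t: 0, origin: 'https://news.example', title: 'News', icon: '/news.ico' },
  { type: 'visibility', t: 5000, hidden: true },
  { type: 'title', t: 11000, value: 'Webmail - Sign in' },            // rewritten while hidden
  { type: 'icon', t: 11000, value: 'https://webmail.example/favicon.ico' },
  { type: 'visibility', t: 30000, hidden: false },
];

console.log(describe(detectTabnab(benignLog))); // []
console.log(describe(detectTabnab(nabbedLog)));
```

The point of reporting `actualOrigin` is that it does not depend on the user remembering to read the address field: the guard surfaces the real origin at the moment the user returns to the tab, which is when the decision to type a password is made.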