Explaining Tabnabbing Phishing

Explaining Tabnabbing Phishing

Tabnabbing has been one of the tried and true forms of phishing since around 2010. The attacker takes advantage of the fact that many people are busy and don’t pay attention to the tabs that they open in their browser. The cyber criminal’s ability to imitate credible website views allows them to appear like a webpage so that the user can input their credentials.  The name tabnabbing was created by a security researcher and design expert, Aza Raskin.

How People Fall Prey to Tabnabbing

Google Chrome offers an excellent explanation for this topic:

“The attack takes advantage of user trust and inattention to detail in regard to tabs, and the ability of browsers to navigate across a page’s origin in inactive tabs a long time after the page is loaded. Tabnabbing is different from most phishing attacks in that the user no longer remembers that a certain tab was the result of a link unrelated to the login page, because the fake login page is loaded in one of the long-lived open tabs in their browser 

What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. That’ll catch us by surprise.”

How it works

In the world of tabnabbing, impersonation is the name of the game, and the cyberhackers use their knowledge of Google search engines to disguise themselves. Search engines use crawler and spider software to create indexes of new websites as well as any changes to existing websites. Indexing a site will depend on the root level file of all web hosting sites. Google will treat it as a full index where there isn’t one present.

A majority of hackers that run phishing pages make use of free web hosting websites and these have robot.txt files as their default. When a hacker uploads the phishing page it’s automatically indexed by Google.

Taking Actions to Prevent Tabnabbing

Open very few tabs. This may sound like a no-brainer, but we are creatures of habit on the net and we want the ease of moving from one tab to another for information.

If you must have multiple tabs open, limit the number of tabs to four for your own security and try to keep them in separate windows.

Monitor the address bar to verify that the address and website match. The url for a tabnabbing site won’t match.

Pay attention to the look of a website. Tabnabbing sites often have differences, mistakes, poor spelling and phrasing.

“One of the easiest ways for cybercriminals to access both personal and business credentials is through tabnabbing. Da Vinci Forensics will work with IT Departments and all staff to assist in training so that being watchful and aware of tabnabbing becomes second nature. This is especially important when employees are trying to accomplish their daily tasks and may not always be attentive to the websites that they visit. Safety and security is the highest priority in today’s cyberworld.”