WHAT IS TAB NABBING, HOW IT OCCURS, AND HOW TO AVOID IT

Tab Nabbing is a type of phishing attack that manipulates inactive web pages. It happens when users close an open tab, allowing malicious hackers the chance to reroute the site to an alternative one that they control.

The goal of tabnabbing is the same as that of conventional phishing, in which attackers use an email or link to direct victims to their websites. They count on the target not noticing the difference and, as a result, handing over sensitive information to the fake site in the belief that it is the legitimate one.

Unfortunately, Tab Nabbing is harder to prevent than other types of phishing because it doesn't depend on the victim making a mistake (such as clicking a link they shouldn't). Rather, the damage has already been done: the attacker has compromised the network and is patiently waiting for the opportunity to strike.

That doesn't mean there is nothing you can do to prevent Tab Nabbing. Read closely as we talk more about it.

Example/Scenario

When you have several tabs open, tabnabbing is more likely to happen to you. Many people engage in this routine behaviour, especially at work where multitasking is common throughout the day.

When you have numerous tabs open, pop-ups frequently appear without your knowledge. It's likely that you'll suppose you opened the website yourself and promptly forgot about it.

Even if you hadn't planned on going to the website, just seeing the tab open is enough to tempt you to sign in.

Alternatively, you might believe the malicious website to be a tab you already had open. For instance, if you had previously logged into Facebook, you might assume that you have been automatically logged out when you see the Facebook login page.

You might be used to entering your credentials at regular times throughout the day because this is a common security measure used by many websites.

HOW TO AVOID TAB NABBING

There are five ways you can avoid the risk of Tab Nabbing:

- Open only a few tabs while working on your browser - People commonly have issues with this, but it's definitely simpler to create a new tab and type in the address than to search among a large number of open tabs to find the one you need.

- Keep tabs in various windows based on their intended function - As an illustration, you might have three windows open at once: one for work chores and the intranet, one for personal projects, and one for both.

This won't make you less likely to be the target of tabnabbing, but it will make it easier for you to spot infected tabs because they will likely be located in the wrong position.

- Take a look at the address bar if something doesn't seem right - Although the content of the website might not change, the address will. Attackers can manipulate the site name to look like the actual site, e.g. writing facebook.com as facebo0k.com. Notice the "0" in the fake site compared to the "o" in the real site name.

This can be easy to notice or the scammers might have copied the real URL. However, a closer look should produce hints as to what it really is.

- Check the site closely - Look for differences such as spelling mistakes, poor phrasing and unusual layouts.

- Give your staff security education - This mostly applies to companies: get your staff on the same page. Let them know how they can identify and defend against attacks.
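
The address-bar check from the list above can also be automated, for example in a browser extension or a mail gateway. The JavaScript below is an added example, not code from the original article; the trusted-domain list, the confusable-character map and all function names are assumptions constructed for illustration. It goes slightly beyond the single facebo0k.com case by also catching one-character typos and a trusted name used as the prefix of another domain.

```javascript
// Added example. TRUSTED and CONFUSABLES are constructed sample data, not a complete list.
const TRUSTED = ["facebook.com", "google.com", "paypal.com"];
const CONFUSABLES = { "0": "o", "1": "l", "3": "e", "5": "s" };

// Fold look-alike characters to the letters they imitate: "facebo0k" -> "facebook".
function fold(host) {
  return host.replace(/rn/g, "m").replace(/vv/g, "w")
    .split("").map((c) => CONFUSABLES[c] || c).join("");
}

// Levenshtein distance, used to catch one-character typos such as "faceboook.com".
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Classify a hostname as "trusted", "lookalike" or "unknown".
function checkHost(host, trusted = TRUSTED) {
  const h = host.toLowerCase().replace(/\.$/, "");
  // The exact domain, or a genuine subdomain of it, is accepted.
  const exact = trusted.find((t) => h === t || h.endsWith("." + t));
  if (exact) return { verdict: "trusted", match: exact, reason: null };
  for (const t of trusted) {
    if (fold(h) === fold(t))
      return { verdict: "lookalike", match: t, reason: "confusable characters" };
    if (editDistance(h, t) <= 1)
      return { verdict: "lookalike", match: t, reason: "one character off" };
    // e.g. facebook.com.login.example.net: the real site is example.net
    if (h.startsWith(t + "."))
      return { verdict: "lookalike", match: t, reason: "trusted name used as prefix" };
  }
  return { verdict: "unknown", match: null, reason: null };
}

// Convenience wrapper: check the hostname of a full URL as shown in the address bar.
function checkUrl(url) {
  return checkHost(new URL(url).hostname, TRUSTED);
}

console.log(checkUrl("https://facebo0k.com/login"));
```

The check compares whole hostnames, so a lookalike hidden behind an extra subdomain would need the registrable domain extracted first.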

Conclusion

A successful Tab Nabbing attack can cause a lot of damage to your data or your company. Remember that Tab Nabbing is a type of social engineering attack, one that is appearing in recent cyber attacks. Stay Updated. Stay Safe.