Tabnapping

This odd term refers to a type of phishing attack that can happen if you have several tabs open at once on your computer or laptop. A ‘same-origin policy’ is a security feature which isolates websites from each other.

The same-origin policy does have some ‘holes’ which websites use when interaction is necessary. It is through these holes that tabnapping can occur. Hackers can use JavaScript to change the content of an open but inactive tab. The changes will usually be made to look like a default login page for your bank, email or social media account. When the user goes back to the tab, the hacker is hoping that they will assume they have been timed out and will enter their login details again. If the user logs in again, the hacker can harvest the details and use them to commit other offences, with the user being the victim.

Top tips to prevent tabnapping:

  • Close down a tab when you are finished with it and open a new one when you need it again instead of keeping lots of tabs open.
  • If you do keep tabs open, have a system which means that you can spot if something changes. For example, always have tab 1 open for emails, tab 2 for an intranet and tab 3 for all other browsing.
  • If the site you regularly visit looks different, such as an unusual layout or spelling errors, be suspicious.
  • Check that the URL shows a secure protocol, such as HTTPS.
  • Keep anti-virus and anti-spyware software up to date.
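
For site owners rather than readers of a page: one cross-window ‘hole’ of the kind described above is the `window.opener` handle that a page opened in a new tab receives on the tab that opened it, and `rel="noopener"` on the link withholds it. The JavaScript below is an added example, not part of the original article; the function names and sample markup are constructed for illustration, and the regex scan is a quick audit, not a full HTML parser.

```javascript
// Added example: list links that open a new tab without rel="noopener"
// (or "noreferrer", which the HTML spec defines as implying noopener).
// SAMPLE_HTML is constructed for this example; all hosts are placeholders.
const SAMPLE_HTML = `
<a href="https://partner.example/help" target="_blank">Help</a>
<a href="https://partner.example/docs" target="_blank" rel="noopener noreferrer">Docs</a>
<a href="/local" target="_blank" rel="nofollow">Local</a>
<a href="https://other.example/" rel="nofollow">Same tab</a>
<A HREF='https://caps.example/' TARGET='_BLANK' REL='NoReferrer'>Caps</A>
`;

// Read one attribute from a start tag: "double", 'single' or unquoted value.
// Limitation: a value that itself contains ' name=' text can confuse it.
function getAttr(tag, name) {
  const re = new RegExp(
    `\\s${name}\\s*=\\s*(?:"([^"]*)"|'([^']*)'|([^\\s>]+))`, "i");
  const m = re.exec(tag);
  if (!m) return null;
  return m[1] ?? m[2] ?? m[3];
}

// Return the href of every <a>/<area> with target="_blank" whose rel
// token list contains neither "noopener" nor "noreferrer".
function findOpenerLeaks(html) {
  const findings = [];
  for (const [tag] of html.matchAll(/<(a|area)\b[^>]*>/gi)) {
    const target = (getAttr(tag, "target") || "").toLowerCase();
    if (target !== "_blank") continue; // named targets are out of scope here
    const rel = (getAttr(tag, "rel") || "").toLowerCase().split(/\s+/);
    if (rel.includes("noopener") || rel.includes("noreferrer")) continue;
    findings.push(getAttr(tag, "href") || "(no href)");
  }
  return findings;
}

console.log(findOpenerLeaks(SAMPLE_HTML));
```

Current browsers apply `noopener` to `target="_blank"` links by default, so the explicit attribute mainly protects visitors on older browsers.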

Other useful articles can be found in our Counter Fraud Newsletters on the Publications page.