What is Tabnabbing?
Tabnabbing is a phishing technique that exploits the carelessness of users who leave tabs open in their browser. Cybercriminals alter the content of an inactive tab, making it appear to be a legitimate page, such as your bank account or email account, in order to steal your credentials. In this article, we’ll explain how this threat works, how to recognize it, and what you can do to protect yourself.
What types of tabnabbing can we detect?
Depending on the method of attack, there are two main types of tabnabbing:
Classic (or passive) tabnabbing: This is the most common type of attack. It occurs when a user visits a seemingly harmless page and then switches to another tab. While the original tab is inactive, its content is replaced with a fake page that mimics the real website (e.g., Gmail, Facebook, or a banking website). When the user returns, believing that their session has expired, they re-enter their credentials, which are then intercepted by the attacker.
Reverse tabnabbing: This type of attack occurs when you click on a link that opens a new tab in your browser. The problem is that this new tab can cause the previous tab to automatically switch to a fake page. This means that if you accidentally return to that tab, you may enter your personal information on the fake website.
Both types exploit users’ trust in open tabs and pose a serious threat to the security of personal and corporate information.
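Reverse tabnabbing depends on the newly opened tab keeping a reference to the page that opened it (window.opener). The following is an added example, not part of the original article: a Python check that a site owner can run over their own HTML to find links and forms that open a new tab without rel="noopener" or rel="noreferrer". The sample markup and its domains are constructed.

```python
from html.parser import HTMLParser

# Constructed sample markup; all domains are placeholders.
SAMPLE = """<ul>
<li><a href="https://partner.example/offer" target="_blank">Offer</a></li>
<li><a href="https://docs.example/" target="_blank" rel="noopener noreferrer">Docs</a></li>
<li><a href="https://forum.example/t/1" target="_blank" rel="opener">Thread</a></li>
<li><a href="/account">Account</a></li>
<li><a href="https://cdn.example/help" target="help" rel="nofollow">Help</a></li>
</ul>"""


class OpenerAudit(HTMLParser):
    """Flags elements that open another browsing context without rel=noopener."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, url, reason)

    def handle_starttag(self, tag, attrs):
        if tag not in ("a", "area", "form"):
            return
        attr = {k: (v or "") for k, v in attrs}
        target = attr.get("target", "").strip().lower()
        if target in ("", "_self", "_parent", "_top"):
            return  # stays in the current tab, no opener relationship
        rel = set(attr.get("rel", "").lower().split())
        if rel & {"noopener", "noreferrer"}:
            return  # the new tab gets no window.opener reference
        # Current browsers treat target=_blank as noopener by default, but
        # older ones do not, and rel=opener switches the protection off.
        reason = "rel=opener set" if "opener" in rel else "rel=noopener missing"
        url = attr.get("href") or attr.get("action") or ""
        self.findings.append((self.getpos()[0], url, reason))


def audit(html):
    """Return a list of (line, url, reason) findings for the given HTML."""
    parser = OpenerAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for line, url, reason in audit(SAMPLE):
        print(f"line {line}: {url} ({reason})")
```
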
What cases of tabnabbing are known?
Although this information is not always published, there are reports of users losing access to their bank accounts or email after entering their credentials on fake tabs. This method has also been used in phishing campaigns targeting company employees in order to gain access to internal systems.
Some notable cases: European banks are warning of an increase in tabnabbing among users who keep multiple tabs open. The warning explains how attackers replace the content of an inactive tab with a malicious copy of a legitimate website, such as an online banking site, in order to intercept credentials when the user reopens that tab.
What risks do we face?
☑️ Identity theft: If you enter your username and password on a fake website, attackers can gain access to your personal or work accounts (email, social networks, etc.). This can lead to attackers impersonating you, sending messages on your behalf, or gaining access to additional personal information.
☑️ Financial loss: If a fake website imitates your bank or online store and you enter your bank account or credit card details, attackers can: make purchases without your permission; withdraw money from your account; record your details for later use or sell them.
☑️ Access to confidential information: If you work for a company and visit a fake website thinking it is an internal system, you may give attackers access to confidential documents, customer information, intellectual property (ideas, projects, strategies), etc. This can cause serious financial and legal damage to the company.
How can you protect yourself from tabnabbing?
Close tabs you are not using: malicious pages can change their content while they are open in the background. If you are not using a tab, especially if it is an unknown or untrustworthy site, close it. This will prevent it from becoming a trap.
Always check the URL: attackers mimic legitimate pages, but the web address (URL) often contains errors or differs from the original. Before entering your username or password, look carefully at the address bar and make sure the address is correct and has a secure connection lock.
Do not reuse passwords: if you use the same password on multiple sites and one of them is hacked, attackers will be able to access all the others. Use different passwords for each account. If you find it difficult to remember them, use a password manager (such as Bitwarden, 1Password, or LastPass).

Enable two-factor authentication (2FA): even if someone steals your password, they won’t be able to log in without the second step (a code sent to your phone, email, or app). Activate this option for important accounts (email, social networks, bank accounts, etc.). You can use apps such as Google Authenticator or Authy.
Update your browser regularly: updates fix bugs and vulnerabilities that attackers can exploit. Make sure you have automatic updates enabled, or manually check for a new version of your browser.
Use security extensions: Some extensions block malicious scripts that can change the content of a tab. You can install extensions such as:
☑️ uBlock Origin: blocks suspicious ads and scripts.
☑️ NoScript: allows you to control which scripts will run on each page (recommended for more advanced users).
Tabnabbing is a quiet but effective phishing method. The best defense is prevention: stay informed, follow internet safety rules, and don’t blindly trust what you see in your browser. If you suspect you have been the victim of such an attack, immediately change your passwords and contact the appropriate services.