Tabnabbing Attacks While Your Back is Turned

Phishing attacks have always been based on the principles of trust and deception; hackers find a way to manipulate you into giving up your private data. With these types of scams on the rise, many consumers have started following tips to prevent themselves from falling victim – carefully checking website URLs for their validity, double checking information requests, and avoiding any links that may lead to malicious content. However, a new type of attack, called tabnabbing has arrived and it waits until your back is turned to steal your sensitive information.

How Tabnapping Attempts to Trick You
This is how tabnabbing works. Say you stumble onto a website – maybe you found an interesting web article, clicked on a link sent by a friend, or are researching a specific topic. Often when we’re busy, opening several tabs to save a page or blog post to read later is normal multitasking, but this is where tabnabbers get you. When you open a new tab to work on something else, the malicious page begins to transform in the background while you’re occupied and not looking.

Read More: Phishing Attacks Can Be Stealthier Than You Think

The bogus website’s icon, known as a favicon, suddenly changes to something else like the Google logo, with the entire webpage following suit. When you tab back to where you were before, you’re presented with a fake Google account login box. You quickly assume that you were automatically logged out of something and enter your credentials, but what you don’t realize is you just fell for a dubious phishing attack. And now a hacker has your login information.

Tabnabbing are targeted attacks — hackers scour for vulnerabilities in HTML script, image loads, and various web browsers. Methods like this allow hackers to detect which site a user is visiting, or what sites a user visits regularly. For example, if you use Facebook daily, a hacker could simply switch out a tab to the Facebook login screen and ensnare you to enter personal details.

There is Hope for Protection
Keep following necessary security standards such as always checking the website URL, not only once it loads, but whenever you’re being prompted for a password or other personal information. Implementing two-factor authentication can also make it more difficult for hackers to access your account even if they’ve managed to get a hold of your password.

Finally, always have an antivirus software installed on all your devices, both computer, and smartphone. dfndr security is a well-rated app for Android devices and offers advanced technology based on AI machine learning. There is a full virus scan feature that scans your device from top to bottom and detects malware or viruses, and the anti-hacking feature blocks any malicious links before you even click on them.

The big lesson here? Your data is at risk, but the good news is you don’t have to go it alone.