If you forget to close a tab when you do an internet search and you end up with a lot of open windows at the end of your working day, you could be the victim of a scam called ‘tabnabbing’, a phishing attack that changes the content of an inactive browser tab without the user noticing in order to steal their credentials.
How does tabnabbing work?
The National Police have issued a warning about this usurpation technique through a video on their official social network profiles. They explain that it most commonly occurs when you visit an insecure website and click on a link that opens another tab. While you are in the new tab, the original page is secretly replaced by a fake site.
When you return to that tab, and with excuses such as “the session has expired”, you are asked to re-enter passwords, personal or banking information that you may end up providing thinking that you are on the official website, the police explain.
The spokeswoman in charge of explaining the scam recommends keeping an eye on the open tabs, keeping only the ones we are using at any given time and closing the rest. In addition, if there is any suspicion that a website is not reliable, the URL should be checked and, if it does not match the official one, it is clear that criminals are trying to impersonate it.
Antonio Fernandes, cybersecurity expert and communicator, explains to Newtral.es that tabnabbing occurs because cybercriminals “use JavaScript code” on the website that the user went to first and leave in the background to impersonate them.
Does it also happen on mobile phones?
Although tabnabbing is more common on computers, it could also happen on mobile phones. Furthermore, the use of artificial intelligence can now make tabnabbing much more credible and dangerous.
