
What is Tabnabbing, the attack that targets your forgotten tabs?


On TikTok, the Spanish National Police is sounding the alarm: "tabnabbing" is a form of phishing that directly exploits our tendency to keep many windows open in our browser. This behavior, commonplace among most Internet users, can allow a cybercriminal to take control of an inactive tab and modify its content without our knowledge.

Tabs become traps

"The hacker will replace one of the open pages with a malicious copy that perfectly imitates the original site," explains an officer in the video. The hacker uses a malicious script to identify and replace the tab; the fake site reproduces the design of the inactive page. This is a real threat when it comes to your bank's website or an online store.

When you return to this tab, sometimes dozens of minutes later, you are asked to enter your login details or banking information, under the pretext that the session has expired. Since the site appears to be the one you opened earlier, vigilance drops, the information is re-entered... and the theft is complete.

To limit the risks, the police recommend a simple measure: "Only keep open the pages you are currently using and close the others." This is a good habit to adopt, along with systematically checking the URL when a site asks you to re-enter your data.
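As an added illustration (not from the police video or the original article), the JavaScript sketch below shows the check a browser extension could run when a tab regains focus: compare what the tab looked like when it was hidden with what it shows now. The snapshot fields and function names are assumptions of this example, and the sample URLs are constructed.

```javascript
// Added example. Snapshot fields (url, title, hasPasswordField) are assumptions.
// In a content script they could be read from location.href, document.title and
// document.querySelector('input[type=password]') on each 'visibilitychange' event.

function originOf(url) {
  try {
    return new URL(url).origin; // scheme + host + port; userinfo is not part of it
  } catch {
    return null; // unparsable URL
  }
}

// Compare the state saved when the tab was hidden with the state on return.
function compareSnapshots(hidden, visible) {
  const findings = [];
  const before = originOf(hidden.url);
  const after = originOf(visible.url);
  if (before === null || after === null || before !== after) findings.push('origin-changed');
  if (hidden.title !== visible.title) findings.push('title-changed');
  if (!hidden.hasPasswordField && visible.hasPasswordField) findings.push('login-form-appeared');
  return findings;
}

// 'alert': the tab moved to another origin and now asks for a password.
// 'check-url': same origin, but a login form appeared while the tab was hidden
//              (a real session timeout looks like this too, so verify the address bar).
// 'ok': nothing credential-related changed.
function verdict(hidden, visible) {
  const f = compareSnapshots(hidden, visible);
  if (f.includes('origin-changed') && visible.hasPasswordField) return 'alert';
  if (f.includes('login-form-appeared')) return 'check-url';
  return 'ok';
}

// Constructed sample snapshots (not real sites).
const hiddenTab = { url: 'https://bank.example/account', title: 'My account', hasPasswordField: false };
const swapped = { url: 'https://bank.example@evil.test/login', title: 'Session expired', hasPasswordField: true };
const timedOut = { url: 'https://bank.example/login', title: 'Session expired', hasPasswordField: true };
const unchanged = { ...hiddenTab };

console.log(verdict(hiddenTab, swapped));
console.log(verdict(hiddenTab, timedOut));
console.log(verdict(hiddenTab, unchanged));
```

The second sample URL places the bank's name before an `@`, which makes it part of the userinfo rather than the host; comparing parsed origins instead of raw strings is what catches it.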

"Tabnabbing" is just one of the many phishing techniques in circulation. The basic principle remains the same: trick the user into believing they are interacting with a legitimate website or entity, in order to extract confidential information. But the methods have diversified.

Classic phishing often involves fraudulent emails that mimic messages from banks, internet service providers, or government agencies, with links to fake websites. Spear phishing targets specific people or companies. Thanks to research carried out beforehand, the messages are highly credible: names, positions, professional context, everything is personalized. Smishing (SMS + phishing) uses text messages to push victims to click on a link or install a malicious application. These messages often simulate an emergency (blocked package, banking problem, etc.).

All these traps exploit a weak point: trust, or rather the habit of clicking without really checking. Faced with these increasingly devious techniques, there's only one thing you can do: take your time. Close unnecessary tabs, check web addresses, and be wary of overly urgent messages... These are simple actions that can prevent many mishaps.
