Computer experts are warning internet users about tabnapping – a new type of phishing that fraudsters are using to get people’s personal information.
All major browsers that use tabbed browsing on Windows and Mac OS X are vulnerable to the attack.
How does tabnapping work?
When a user clicks back onto the tab to find the fake log-in screen, they assume that they have been logged out and re-enter their user information and password to log back in. When they enter these details, the personal information provided is sent straight to the fraudsters.
The URL in the browser’s address bar is not necessarily altered by tabnappers, so checking that it matches the legitimate URL of the service provider is not a sufficient precaution.
The fraudsters may even put an additional message on the fake log-in screen, saying that the session has timed out and the user needs to re-enter their log-in details. This is a message that appears on legitimate websites, particularly those of banks, which increases the likelihood that the user thinks the log-in screen is trustworthy.
How can tabnapping be prevented?
- Ensure anti-virus and anti-spyware software is up to date on your computer and make sure your browser’s filter is switched on and up to date. These measures should block malicious sites and legitimate sites that are infected with phishing attack code.
- If you’re unsure whether a log-in screen is legitimate, close the tab, open a new one and type in the legitimate URL of the website you want to log in to.
- Follow identity theft crime prevention advice to stay alert to transactions in your name that you do not recognise.
Please note: Action Fraud is not responsible for the content on external websites.
To report a fraud, call Action Fraud on 0300 123 2040 or use our online fraud reporting tool.