Tabnabbing is a type of phishing attack.
Let’s discuss how it works If you are working with multiple tabs in your
browser and one of them is opening a normal looking website which is hosted or compromised by attacker and this tab goes inactive for some time then the page in inactive tab force your browser to replace favicon, page title & page to look alike login page to any of the server
which you are using and then whenever
you switch to this inactive tab you will get spoofed login page and as I said
it’s look alike page so if you don’t check URL carefully (which is very common
as if you are regular visitor of a site you use to identify that site by look
and care for URL in beginning of the session but during the session you least
bother about URL) and proceed with login assuming that I might opened this page
but forgot to login then your credential will be submitted to attacker’s
website and then he will redirect you to original website.
Example :- I am working with multiple tabs in my
browser Tab_1 – Gmail, Tab_2 – Google, Tab_3 – w.x.y.z, Tab_4 – Microsoft as
shown in following picture
Now suppose my Tab_3 goes inactive for few minutes because I
was working on other tabs here attacker’s script for Tabnabbing works and if it
will sense that you lost focus from this tab and it's inactive for a while then it force Tab_3 to replace favicon , page title and page as Gmail login page, now when I switch to
Tab_3 i found Gmail login page with Gmail favicon and page title as shown in following Picture
(as I highlighted with circle in picture if you notice URL is not correct but this
attack is based on assumption that generally we don’t check for URL during the
session and because of look and feel it pretends original login page)
Now after getting this page I may think that I opened Gmail
and forgot to login and I proceed with login then my user name and password is
submitted to attacker’s URL and then he will redirect me to original Gmail, as I
have already active session with Gmail in Tab_1 it will load my account
successfully in Tab_3 as well.
Note:- To make this attack more effective attacker use to
collect information first about your browsing like what sites you use to visit
(Email, Internet banking, Social networking, etc) and then they host a normal looking website with tabnabbing script. this normal looking website can be advertised or promoted by any method to influence you for visit.
I hope this article will help you to understand Tabnabbing and it's working :-)