Tuesday, July 11, 2017
The word ‘Tab Napping’ comes from the combination of ‘tab’ and ‘kidnapping’ used by clever phishers, scammers, and hackers. Tabnapping is an interesting, tricky, clever, and smart hacking technique for phishing and scamming.
Through this, attackers take advantage and control a victim’s unattended browser tabs by hijacking and redirecting him to malicious URLs where they can perform a phishing attack and execute scripts and data URIS.
For example:
You are already logged in to your Facebook account and suddenly you see an interesting post with a web link. After clicking on the link, a new tab opens. Now, you are visiting an interesting post link on the new tab and unknowingly your previous tab will change to a fake Facebook login page. When you go back to the previous tab to log in to Facebook, your login information will be sent to the attacker and your successful login to Facebook because you never logged out.
Protect Yourself From Tab Napping:
Always check the URL in the address bar and ensure that it is using secure protocol HTTPS
Most web developers use target=”_blank” only to open links in new tab. If you use target=”_blank” only to open links in a new tab, then it is vulnerable to an attacker. When you open a link in a new tab ( target=”_blank” ), the page that opens in a new tab can access the initial tab and change its location using the window.opener property.
javascript code:
window.opener.location.replace(malicious URL)
Prevention:
rel=”nofollow noopener noreferrer”
"Cyber world is hitting by Tabnapping. Many sites like Google and Facebook is affected by Tabnapping. Many of us is unaware about this hacking technique, so hackers are targeting us, using this attack "
Important Note:
It is just for educational purpose only.
