We are living in the jungle of web, we have different web-browser to view internet websites. Different vulnerability on browser’s arising every day and you have to be aware these new attack to protect your infrastructure.
As you know in the phishing attacker send a URL to the victim and victim has to click on URL to go on phishing page, now the thing is change a new term has been discovered that is TabNapping, tabnapping is a web-browser attack and the new way of phishing attack in which victim not require to click any URL.
In this attack one of you browser tab replace with another page without your knowledge and permission, for example in one of your browser tab you have opened any website it will automatically replaced with the phishing side and the normal user’s does not look to the URL.
Instead of explain all the stuff here on text format i want to share a video demonstration of tabnapping.
Is this the owner and admin of a particular website responsible for this attack? i think no an attacker can find any bug on any website like a cross site scripting and after this an attacker can enter their script to perform Tabnapping attack.
- Do not login on any tab, that you have not open it by yourself.
- Look around the URL before login to any website.
- If you find any suspicious than close the tab and open new one.
- Update your browser.
- Do not open many tab while you are working on your secure website or important websites.