In this attack one of you browser tab replace with another page without your knowledge and permission, for example in one of your browser tab you have opened any website it will automatically replaced with the phishing side and the normal user’s does not look to the URL.
Is this the owner and admin of a particular website responsible for this attack? i think no an attacker can find any bug on any website like a cross site scripting and after this an attacker can enter their script to perform Tabnapping attack.
- Do not login on any tab, that you have not open it by yourself.
- Look around the URL before login to any website.
- If you find any suspicious than close the tab and open new one.
- Update your browser.
- Do not open many tab while you are working on your secure website or important websites.