Most of us know that we should keep our passwords and other credentials a secret. However, it’s easy for cybercriminals to create a "spoof", a copy of a familiar website. You might think you’re entering your credentials into your web-based email accounts, social networking sites, or bank websites, but you’re really typing them into a phishing website that was created to steal this information.
Cybercriminals have been using this ploy on websites and in pop-up windows for some time, but there are reports of a new phishing technique that takes advantage of the increased use of browser tabs.
Example of a browser tab
Many of us surf the web with several tabs open at once. If you browse to a malicious website, you might become a victim of what phishing researchers are calling “tabnabbing.”
If you open another tab but leave the malicious site open in its own tab, a cybercriminal could refresh the page so that it now looks like your web email or other sensitive website.
If you enter your password on this refreshed page that mimics the original site, you could be handing it over to a cybercriminal.
Despite tabnabbing’s clever name, this technique isn’t that different from a standard phishing attack. And the way Internet Explorer can protect us against this kind of attack isn’t that different either.
3 tips to avoid tabnabbing when you use Internet Explorer
1. Update your browser. The most recent version of Internet Explorer is Internet Explorer 8 and it helps protect against phishing scams, including tabnabbing.
2. Check that the lock icon appears on the address bar and that the web address of the page is correct (“https” rather than “http,” for example) before you enter personal information on any website.
3. Turn on SmartScreen Filter. SmartScreen blocks millions of malicious or potentially malicious pages and can help protect you from tabnapping.
For more information, see Reduce the risk of online fraud.