What is a Phishing Attack?
Before discussing the tabnapping (or tabnabbing) attack, let's first understand the phishing attack. Phishing is a process used by a hacker or scammer to steal sensitive information such as usernames, passwords, bank account numbers, ATM PINs, credit card numbers, etc.
How Does Phishing Work?
(1) The attacker or scammer creates a phishing website that looks similar to the original website, then uses hosting space to upload the phishing website to a server.
(2) The attacker finds the target users and sends them the phishing website through email, SMS, WhatsApp or Facebook. (An example phishing email: "Congratulations, you have won the Jackpot of Rs 5 Lakhs. Enter your bank details in the website given below to claim the Jackpot. Link: www.statebankindia.com")
(3) The target user falls into the phishing trap on seeing the jackpot email and enters his bank details in the website. (Phishing websites mostly do not have HTTPS.)
(4) After that, the attacker gets emails from the phishing website that contain the bank account number, phone number, ATM PIN, etc.
This completes the phishing process.
What is a Tabnapping or Tabnabbing Attack?
Tabnapping is similar to a phishing attack. In tabnapping, the attacker changes the website shown in inactive tabs to a phishing or malicious website (the URL of the website also changes). So when the target user gets back to the inactive tab, the website has changed to the phishing website.
How Does a Tabnapping / Tabnabbing Attack Work?
(1) The attacker creates a website that looks like a normal website. Within the website code, the attacker sets checker code to see whether the tab has become inactive or not.
Inactive tabs are tabs that the target user is not currently using. You can see active and inactive tabs in the above image.
(2) The target user visits this innocent-looking website, which was sent by the attacker. This website looks like a normal website.
(3) After some time, the user switches tabs to perform some other activity without closing the previous tab, which then activates the hacker's or scammer's code.
(4) After some time, the normal-looking website changes to a phishing website. You can see below how the website icon, title and everything else have changed.
(5) Now let us assume that, on seeing the title and icon of the page, the user remembers that he needs to send an email to his friend. The webpage looks similar to the Gmail login page (the normal-looking website has redirected to the phishing website). So the user goes to that tab and enters his login details, and finally the attacker gets the login details of the target user.
This completes the tabnapping attack.
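The steps above leave a visible trace: the title, icon and URL of a tab all change while the user is not looking at it. The following is an added example (not code from the original article) of how a defender could detect that, using hypothetical function names and constructed sample tabs:

```javascript
// Added example: all names and sample values are hypothetical/constructed.
const snapshots = new Map(); // tabId -> identity captured when the tab went inactive

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

// Call when a tab loses focus: remember what it looked like.
function onTabInactive(tabId, state) {
  snapshots.set(tabId, {
    title: state.title,
    favicon: state.favicon,
    origin: originOf(state.url),
  });
}

// Call when the user switches back: report what changed in the meantime.
function onTabActive(tabId, state) {
  const before = snapshots.get(tabId);
  snapshots.delete(tabId);
  if (!before) return { suspicious: false, changed: [] };
  const changed = [];
  if (before.title !== state.title) changed.push("title");
  if (before.favicon !== state.favicon) changed.push("favicon");
  if (before.origin !== originOf(state.url)) changed.push("origin");
  // A title-only change is common (unread counters), so flag only an origin
  // change or a title and favicon change together.
  const suspicious = changed.includes("origin") ||
    (changed.includes("title") && changed.includes("favicon"));
  return { suspicious, changed };
}

// Constructed sample: tab 1 only updates its title, tab 2 is replaced entirely.
function runConstructedSample() {
  onTabInactive(1, { title: "Inbox", favicon: "/mail.ico", url: "https://mail.example/inbox" });
  onTabInactive(2, { title: "Cat pictures", favicon: "/cat.ico", url: "https://blog.example/cats" });
  return {
    benign: onTabActive(1, { title: "(3) Inbox", favicon: "/mail.ico", url: "https://mail.example/inbox" }),
    swapped: onTabActive(2, { title: "Sign in", favicon: "/login.ico", url: "https://login.example.net/" }),
  };
}

console.log(runConstructedSample());
```

A user can apply the same check by hand: before typing a password into a tab that was left in the background, compare the address bar with the site that was originally opened there.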