Tab
Napping
Tab
Napping is a new form of phishing that is hitting the internet now. With the
conventional form of phishing, for example, you might receive an email that is
supposedly from your bank, and it might ask you to login and update or confirm
your account details, of course, there would be a link to your banks website in
the email for you to click, which would take you to a page that looks identical
to your real banks login page.
How
does it works
Tab napping is more sophisticated than the phishing scams we’ve seen so far, and it no longer relies on persuading you to click on a dodgy link. Instead it targets internet users who open lots of tabs on their browser at the same time (for example, by pressing
CTRL + T).
if you have multiple tabs open and you are reading the page on your current active tab, any of the other inactive browser tabs could be replaced with a fake web page that is set up to obtain your personal data, the web page will look exactly the same as the page you opened in the tab, you probably wont even even know it has been replaced with a fake page.
fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.
This may surprise you, but phishers and fraudsters in general can actually detect when a tab has been left inactive for a period of time, which means they can spy on your browsing history, this tells them which websites and web pages you visit on a regularly basis, so they'll know which bank you use and which email account you use, whatever you view, they'll know about it, which means they'll know which fake pages to make to replace the real pages in your inactive tabs, you've now left yourself open to become a victim of tab napping.
Tab napping is more sophisticated than the phishing scams we’ve seen so far, and it no longer relies on persuading you to click on a dodgy link. Instead it targets internet users who open lots of tabs on their browser at the same time (for example, by pressing
CTRL + T).
if you have multiple tabs open and you are reading the page on your current active tab, any of the other inactive browser tabs could be replaced with a fake web page that is set up to obtain your personal data, the web page will look exactly the same as the page you opened in the tab, you probably wont even even know it has been replaced with a fake page.
fraudsters can actually detect when a tab has been left inactive for a while, and spy on your browser history to find out which websites you regularly visit, and therefore which pages to fake.
This may surprise you, but phishers and fraudsters in general can actually detect when a tab has been left inactive for a period of time, which means they can spy on your browsing history, this tells them which websites and web pages you visit on a regularly basis, so they'll know which bank you use and which email account you use, whatever you view, they'll know about it, which means they'll know which fake pages to make to replace the real pages in your inactive tabs, you've now left yourself open to become a victim of tab napping.
How
can you protect yourself against tab napping?
Here
are five simple ways you can prevent yourself from falling victim:
• Make sure you always check the URL in the browser address page is correct before you enter any login details. A fake tabbed page will have a different URL to the website you think you’re using.
• Always check the URL has a secure https:// address even if you don’t have tabs open on the browser.
• If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
• Avoid leaving tabs open which require you to type in secure login details. Don't open any tabs while doing online banking - open new windows instead (CTRL + N).
• Make sure you always check the URL in the browser address page is correct before you enter any login details. A fake tabbed page will have a different URL to the website you think you’re using.
• Always check the URL has a secure https:// address even if you don’t have tabs open on the browser.
• If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
• Avoid leaving tabs open which require you to type in secure login details. Don't open any tabs while doing online banking - open new windows instead (CTRL + N).
