Tuesday, June 13, 2017

What is Tabnabbing?










Tabnabbing is a technique often used by attackers for phishing. It takes advantage of a user’s trust and inattention while multiple tabs are open in a browser, and can deceive the victim into submitting credentials or other sensitive data.

The attack was first described by Mozilla Firefox creative lead Aza Raskin.


How does Tabnabbing work?


Tabnabbing usually works in the following way:

  • A user opens a malicious website along with multiple other tabs in the browser.
  • The malicious website uses scripts to detect that its tab is idle and inactive. This usually happens when the user is inattentive and the webpage is left unattended for some time.
  • Once that condition is met, the malicious script runs and rewrites the whole webpage in the tab where the malicious website was opened.
  • For example, the webpage can rewrite itself completely and display a fake page that looks identical to the Facebook login page.
  • To evade detection, the script can also change the page title shown in the tab, along with the favicon, the small image displayed to the left of the title.
  • When the user comes back to the browser, he usually relies on the favicon and the page title to tell which tabs he had opened.
  • In our case, when the user comes back and looks at the browser, he sees a Facebook login page open in one of the tabs. He may rely on the title and favicon and fail to notice other signs of the phishing attack.
  • If the user now enters his credentials into the fake Facebook page, the credentials and other sensitive personal data will be stolen by the criminals.


Why do attackers use Tabnabbing?


Traditional phishing techniques largely rely on a phishing link or a malicious attachment, and the attack fails if the user is educated enough or becomes suspicious. For example, a user may refuse to open an attachment sent by an unknown sender, to open an untrusted link, or to respond to an email requesting sensitive personal data. To counter that, attackers often use Tabnabbing, which is much stealthier and more difficult to detect.


How to prevent Tabnabbing?


Tabnabbing is no doubt very stealthy, but with proper precautions we can safeguard ourselves from this attack.

  • Before logging in to any website or providing sensitive data to it, look at the address bar of the browser. Make sure the URL is the correct one for the site and that the website uses HTTPS with a valid digital certificate. You can click on the lock icon on the left side of the URL in the address bar to get more information on the ownership of the website and the digital certificate used.
  • Do not allow scripts on a webpage if the webpage is not trusted. Several browser plugins can be used for that purpose. For example, NoScript is a Firefox extension which can be effective in preventing Tabnabbing. It can prevent JavaScript from running on an untrusted website and also prevents certain scriptless attacks based on meta refresh.
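
The title and favicon swap described under "How does Tabnabbing work?" can also be checked for mechanically. The following is an added example, not code from the original post: a heuristic that compares a tab's title, favicon and login form when the user leaves it and when the user returns. The function names, severity labels and sample pages are assumptions made for illustration.

```javascript
// Added example: heuristic check for a tab that changed its identity while hidden.
function compareOnReturn(before, after) {
  const changed = [];
  if (before.title !== after.title) changed.push('title');
  if (before.favicon !== after.favicon) changed.push('favicon');
  if (!before.hasPasswordField && after.hasPasswordField) changed.push('password-field');
  const lookChanged = changed.includes('title') || changed.includes('favicon');
  let severity = 'none';
  if (changed.length > 0) severity = 'low'; // e.g. an unread counter in the title
  if (changed.includes('title') && changed.includes('favicon')) severity = 'medium';
  // A login form appearing together with a new look matches the pattern described above.
  if (changed.includes('password-field') && lookChanged) severity = 'high';
  return { changed, severity };
}

// Replays a recorded session; each event carries a snapshot of the page at that moment.
function reviewSession(events) {
  const reports = [];
  let atHide = null;
  for (const ev of events) {
    if (ev.type === 'hide') atHide = ev.snapshot;
    else if (ev.type === 'show' && atHide) reports.push(compareOnReturn(atHide, ev.snapshot));
  }
  return reports;
}

// Constructed sample data (hypothetical page titles and icon paths).
const blog = { title: 'Funny cats', favicon: '/cat.ico', hasPasswordField: false };
const counter = { ...blog, title: '(1) Funny cats' };
const swapped = { title: 'Log in', favicon: '/brand.ico', hasPasswordField: true };
const SAMPLE_SESSION = [
  { type: 'hide', snapshot: blog }, { type: 'show', snapshot: counter },
  { type: 'hide', snapshot: counter }, { type: 'show', snapshot: swapped },
];

// Browser wiring (skipped outside a browser): snapshot on every visibility change.
if (typeof document !== 'undefined') {
  const snap = () => ({
    title: document.title,
    favicon: (document.querySelector('link[rel~="icon"]') || {}).href || '',
    hasPasswordField: document.querySelector('input[type="password"]') !== null,
  });
  let atHide = null;
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) { atHide = snap(); return; }
    const report = atHide ? compareOnReturn(atHide, snap()) : null;
    if (report && report.severity !== 'none') console.warn('Tab changed while hidden', report);
  });
}
```

A legitimate site can also show a login form after a session timeout, so a "high" result is a prompt to check the address bar, not proof of phishing.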

