Tabnabbing is a computer exploit and phishing attack that persuades users to submit their login details and passwords to popular websites by impersonating those sites and convincing the user that the site is genuine. The attack's name was coined in early 2010 by Aza Raskin, a security researcher and design expert. The attack takes advantage of user trust and inattention to detail with regard to tabs, and of the ability of browsers to navigate an inactive tab to a different origin long after the page was loaded. Tabnabbing differs from most phishing attacks in that the fake login page is loaded in one of the long-lived open tabs in the user's browser, so the user no longer remembers that the tab was opened from a link unrelated to the login page.
"It can detect that you're logged into Citibank right now and Citibank has been training you to log into your account every 15 minutes because it logs you out for better security. It's like being hit by the wrong end of the sword," said Aza Raskin.
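The behaviour described above, an inactive tab moving to a different origin long after it was loaded, can be checked for in tab telemetry. The following is an added example, not code from the original page: the event shape, the type names (`navigate`, `hidden`, `visible`), the idle threshold and the sample events are all assumptions constructed for illustration.

```javascript
// Added example: flag tabs whose origin changes while they sit in the background.
// The event shape {t, tab, type, url} and the type names are hypothetical.
const LONG_IDLE_MS = 60_000; // assumed threshold for "a long time"

function originOf(url) {
  try { return new URL(url).origin; } catch { return null; }
}

function findBackgroundOriginChanges(events, minHiddenMs = LONG_IDLE_MS) {
  const tabs = new Map(); // tab id -> { origin, hiddenSince }
  const findings = [];
  for (const ev of [...events].sort((a, b) => a.t - b.t)) {
    if (!tabs.has(ev.tab)) tabs.set(ev.tab, { origin: null, hiddenSince: null });
    const st = tabs.get(ev.tab);
    if (ev.type === "hidden") st.hiddenSince = ev.t;
    else if (ev.type === "visible") st.hiddenSince = null;
    else if (ev.type === "navigate") {
      const next = originOf(ev.url);
      if (next === null) continue; // unparsable URL: skip
      // -1 means the tab was in the foreground, so the user saw the navigation.
      const hiddenFor = st.hiddenSince === null ? -1 : ev.t - st.hiddenSince;
      if (st.origin !== null && next !== st.origin && hiddenFor >= minHiddenMs) {
        findings.push({ tab: ev.tab, from: st.origin, to: next, hiddenForMs: hiddenFor });
      }
      st.origin = next;
    }
  }
  return findings;
}

// Constructed sample events (not real telemetry); t is in milliseconds.
const SAMPLE_EVENTS = [
  { t: 0,      tab: 1, type: "navigate", url: "https://blog.example/post" },
  { t: 5000,   tab: 1, type: "hidden" },
  { t: 905000, tab: 1, type: "navigate", url: "https://accounts.example.org/login" },
  { t: 0,      tab: 2, type: "navigate", url: "https://news.example/" },
  { t: 2000,   tab: 2, type: "navigate", url: "https://shop.example/" }, // foreground click
  { t: 0,      tab: 3, type: "navigate", url: "https://mail.example/inbox" },
  { t: 1000,   tab: 3, type: "hidden" },
  { t: 90000,  tab: 3, type: "navigate", url: "https://mail.example/inbox?refresh=1" }, // same origin
];

console.log(findBackgroundOriginChanges(SAMPLE_EVENTS));
```

Only tab 1 is reported: tab 2 changed origin in the foreground, and tab 3 reloaded within the same origin while hidden.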