Warning Over New ‘Tab Napping’ Scam.

By -
No Comments

As you’re reading this, there’s a good chance that you have access to the internet. But, how safe are you?

Programs such as Internet Explorer, FireFox and Safari now all use tabs. You might have a couple open now in your browser. But be warned, unused tabs could be used in a devious – and costly – manner.

We’re always vulnerable to online scams, and as we become wise to one form of scam, another more sophisticated scam comes along in it’s place. It was Mozilla (the technology company behind FireFox) who warned against a possible new threat that takes phishing one step further – Tab Napping.

So, what is this Tab Napping?

Until now, phishing scams has involved sending hoax emails to potential victims in an attempt to steal usernames, passwords and bank details. The sender will claim that they are working for your bank and will ask you to verify your bank details by clicking on a link that is sent in the email.

This link directs you to a fake website that looks exactly like your bank’s website. Once you enter your login details, criminals that sent you the link will now have access to the details.

But we’re beginning to wise up to these type of scams, and many of us understand the positive aspect of being wary of clicking URLs, even if they appear in a legitimate email. Though that the awareness of phishing is on the up, making the success rate of the scams to drop, Tab Napping could be the next scam to watch out for…

So, how does Tab Napping work?

I’m glad you asked that. Tab Napping doesn’t rely on you to click a dodgy link, it targets internet users who open lots of tabs on their browser at the same time.

Simply, it works by replacing an inactive browser tab with a fake page set up to obtain your personal details without you even realizing it happened.

Fraudsters can detect how long a tab has been inactive for and spy on your browser history to find out the websites that you mostly visit, and therefore which pages to fake.

So, yeah. Don’t assume that after you opened a new tab and visited a web page, that web page will stay the same even if you don’t return to it for a while. Malicious code can replace the page you opened with a fake version which looks virtually identical to the original page.

So, how would Tab Napping work in practice?

For example, imagine you open the login page for your online bank account, but then you open a new tab to visit another website for a few minutes, leaving the first tab unattended. When you return to your bank’s site the login page looks exactly how you left it. What you haven’t realized is that a fake page has taken its place, so when you type in your username and password, you have inadvertently given the fraudster easy access to your account.

Even if you have already logged into your bank account before opening another tab, when you return you might find you’re being asked to login again. This may not necessarily rouse any suspicion since you might simply assume your bank has logged you out because you left your account inactive for too long. You probably won’t even think twice before logging in for a second time. But this time round you have accidentally inputted your security details into a fraudster’s fake page which have been sent back to their server.

Once you have done so, you can then be easily redirected to your bank’s genuine website since you never actually logged out in the first place, giving you the impression that all is well.

Remember, not only bank accounts that could be the target. This new scam could also effect other websites, such as social networking sites, to hijack your account. Not a nice thought, eh?…

So, how would you protect yourself from this Tab Napping?

It may look like a scary, hard-to-avoid scam. But in all realness, it’s relatively easy to avoid. Here’s five simple ways to prevent yourself from becoming victim of a Tab Napper…

1 – Make sure you always check the URL in the browser address page is correct before you enter any login details. A fake tabbed page will have a different URL to the website you think you’re using.
2 – Always check the URL has a secure https:// address even if you don’t have tabs open on the browser.
3 – If the URL looks suspicious in any way, close the tab and reopen it by entering the correct URL again.
4 – Avoid leaving tabs open which require you to type in secure login details. Don’t open any tabs while doing online banking – open new windows instead (usually by using Ctrl+N).
5 – Finally, take a look at Online Safety (link – http://www.cliconline.co.uk/en/on-the-web/safety-information/) to find out other ways to protect yourself from online scams.


All Articles