How many times a day do you go to different tabs to check your bank account, credit card statement or do online shopping? Hard to guess. And now, con artists have found a way to take advantage of this practice to get you to type your username and password into a fake page: tabnabbing.
Tabnabbing is a type of phishing scam where a website you have open changes its looks to a different, but familiar, website while the open tab is inactive. Con artists hope you don’t recognize the change and enter your login credentials.
The word “tabnabbing” was coined in 2010 by Aza Raskin, a security researcher and design expert. It began with Gmail being the victim of tabnabbing, but this phishing scam now can spoof any legitimate site’s login page.
This scam begins with trust, which can make it hard to detect. Modern technology allows con artists to rewrite tabs and their contents even while the tab stays inactive. Then a fake page is loaded, consumers are directed to the fake page, and they enter personal information.
So, what’s the big deal if they only get the login information for email accounts? In addition to having to reset passwords and tell everyone you have been hacked, the attackers can use access to your email to change the password on other accounts, like your bank. And remember, the con artist has seen details that could possibly be used in other scams, such as your birth date, where you live, where you work, etc. It doesn’t take much nowadays for scammers to utilize your personal information for their own needs.
But what would happen if you logged into your bank account online or you check your credit card statement? If you did so using a fake web page that’s made to look like a legitimate company, then you’ve just given everything a scammer needs to access these accounts. Loss of funds, possible identity theft, charges on your credit cards all could happen.
Bottom line – before entering your credentials into a tab that you left open and seems very familiar to you, take just a second and do a double check. Ensure that it’s the true URL of the company. And remember, a good practice is to always close a tab when you are done using it.
BBB Serving Atlanta and Bill Fanelli, Chief Security Officer, Council of Better Business Bureaus contributed to this article.
