Tabnabbing: A Sneaky New Form Of Identity Theft

June 11th, 2010

Phony LoginYou’re surfing the web, checking out several pages. You click one of the tabs you left open and log in to your email account. They just got you; you’ve been Tabnabbed.

Tabnabbing is a new phishing scam created by some clever identity thieves. It’s also known as tabnapping, a combination of tab and kidnapping, but either way it’s a serious problem that could affect anyone.

How It Works
While you’re surfing the Web you probably have several tabs open. You open one page and move on to another. When you return to a page, you see a login screen. Maybe it’s for an email account, social networking site or even your bank. Problem is, it’s not real.

Scam artists have developed a program that changes a page while you’re not looking at it. The inactive tab will morph into something that looks exactly like the login page of a site you probably use. Since you have several tabs open, you assume that you were using the site and your session timed out. You log back in.

Just like that the scammers have your information. Just think about what they can get from your email: bank account numbers, passwords and who knows what else. Your identity has just been stolen.

How Can This Happen?
Before tabnabbing can occur, the scammers must get access to your computer. It could come from a Flash Widget or a third-party script. Be careful what you download and where you surf.

Did you know your browser can warn you about potentially harmful sites that may contain dangerous scripts? Check your browser settings. In most cases you’ll be able to change the settings to warn you about suspected fraud or attack sites by clicking the Tools link, then Settings or Options and updating your Security preferences.

Be Careful Where You Log In
Tabnabbing is a form of phishing that could fool even the savviest among us. So how can you avoid becoming a victim? Never, ever log in to any account unless you have just entered the URL yourself. Even if you were logged in and your session timed out, enter the URL again and start over. Prevention is the ultimate tool.

Double check the URL of any site before you log in. Clever criminals create URLs that look very similar to the real thing, so make sure you are always on the right page. If the URL doesn’t look right, close the window immediately.

What If I’ve Been Tabnabbed?
If you think you may have been tabnabbed, go to your real account immediately. Log in and change your account information. You may be able to update your account before the thief has a chance to get in.

You might need to contact your bank, credit card company or other service providers to inform them of the possibility of identity theft. Don’t take chances. Tabnabbers are playing for keeps.

Want An Example?
Aza Raskin, who works for Mozilla, created an example to show people how tabnabbing works. Visit his blog, open another window, wait a moment or two and return. Suddenly the page looks like Gmail. Raskin made it obvious that the page is fake; phishers won’t be so considerate.

More Ideas To Avoid Identity Theft
Be careful out there, identity thieves can be ingenious. They won’t always come at you online, so it’s essential to be aware of criminals in every aspect of life.

Before you deal with anyone personally or professionally, run a Background Check with a Criminal Report. This will tell you if the person has a criminal offense on file, and give you specific information if they do. Educating yourself about a person may just be the key to prevention.

Never give your personal information, such as social security or bank account numbers, to anyone over the phone. Scammers call people, pretend to be from major companies and request these details. They can be very persuasive and make you feel like it’s in your best interest to provide this information, but remember that a legitimate company representative will not ask for such specific details on the phone.

Protect your personal and financial information at all times, watch out for new scams and thank you for reading the PeopleFinders blog.

Follow peoplefinders on Twitter

Find Us On Facebook

Be Sociable, Share!

Leave a Reply