What is Tabnapping? Protection & Prevention Techniques

June 23, 2017 | Views: 11507

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

The word ‘Tab Napping’ comes from the combination of ‘tab’ and ‘kidnapping’ used by clever phishers, scammers, and hackers. Tabnapping is an interesting, tricky, clever, and smart hacking technique for phishing and scamming.

Through this, attackers take advantage and control a victim’s unattended browser tabs by hijacking and redirecting him to malicious URLs where they can perform a phishing attack and execute scripts and data URIS.

For example:

You are already logged in to your Facebook account and suddenly you see an interesting post with a web link. After clicking on the link, a new tab opens. Now, you are visiting an interesting post link on the new tab and unknowingly your previous tab will change to a fake Facebook login page. When you go back to the previous tab to log in to Facebook, your login information will be sent to the attacker and your successful login to Facebook because you never logged out.

Protect Yourself From Tab Napping:

Always check the URL in the address bar and ensure that it is using secure protocol HTTPS

Most web developers use target=”_blank” only to open links in new tab. If you use target=”_blank” only to open links in a new tab, then it is vulnerable to an attacker. When you open a link in a new tab ( target=”_blank” ), the page that opens in a new tab can access the initial tab and change its location using the window.opener property.
javascript code:
window.opener.location.replace(malicious URL)
rel=”nofollow noopener noreferrer”


Cyber world is hitting by Tabnapping. Many sites like Google and Facebook is affected by Tabnapping. Many of us is unaware about this hacking technique, so hackers are targeting us, using this attack.


Important Note:
It is just for educational purpose only.


Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. Good article !! Great work!! And dont make a video step by step, if they dont understand they are just skiddies you know. You have my cybytes

  2. Welldone!
    Nice work

  3. my thoughts would be :
    1. “Tap-napping” the hackers can easily induce themselves to the pages and get our login info in the public wife zones.
    2. Parents needs to educate their children and supervise while using the internet using personal Laptop as i have seen this happening in my child as he sees something interesting on the games links he clicks it and continues the other windows as well which is prone to be hacked easily.
    but well explained in a simpler ways.

Page 2 of 2«12
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?