Beware of Tabnabbing



    Instead of posting this on my blog, I thought it would be better if I did it here for the simple reason that this site is read way more in one day than what my blog would in one year.

    Read in detail here:

    Tabnabbing is a new type of phishing. The following is an excerpt taken from that site:

    How The Attack Works

    1. A user navigates to your normal looking site.
    2. You detect when the page has lost its focus and hasn’t been interacted with for a while.
    3. Replace the favicon with the Gmail favicon, the title with “Gmail: Email from Google”, and the page with a Gmail login look-a-like. This can all be done with just a little bit of Javascript that takes place instantly.
    4. As the user scans their many open tabs, the favicon and title act as a strong visual cue—memory is malleable and moldable and the user will most likely simply think they left a Gmail tab open. When they click back to the fake Gmail tab, they’ll see the standard Gmail login page, assume they’ve been logged out, and provide their credentials to log in. The attack preys on the perceived immutability of tabs.
    5. After the user has entered their login information and you’ve sent it back to your server, you redirect them to Gmail. Because they were never logged out in the first place, it will appear as if the login was successful.

    It works in Firefox and partially in Chrome, but other browsers may be targeted too.

    You can test this on his site (I still recommend reading the whole article), just change tabs and wait for about 5 seconds, go back and you’ll see his site change to be a Google login page (actually it’s a screenshot, but you get the point).

    Whenever you’re asked to enter your credentials or “re-authenticate your session” *always* check your address bar and see if the URL is correct. If it is not, clear your history, delete your cookies, close your browser and start a new session.

    Browse Safely.

    The blog I need help with is
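    The steps quoted in the post above swap a background page's title and favicon in place, so the address bar still shows the original host. The sketch below is an added example, not code from the original post or the linked article: it snapshots those cues when the page loses focus and flags a mismatch on return. The function names and the `BRAND_HOSTS` list are illustrative assumptions.

```javascript
// Added example: defensive check for in-place tab identity changes (tabnabbing).
// BRAND_HOSTS is a constructed, illustrative list, not a complete allow-list.
const BRAND_HOSTS = { gmail: ["google.com"], google: ["google.com"] };

function hostMatches(host, allowed) {
  return allowed.some((d) => host === d || host.endsWith("." + d));
}

// Capture the cues a user relies on when scanning tabs, plus the real host.
function snapshot(doc, loc) {
  const icon = doc.querySelector('link[rel~="icon"]');
  return {
    title: doc.title,
    favicon: icon ? icon.href : "",
    hasPasswordField: doc.querySelector('input[type="password"]') !== null,
    host: loc.hostname,
  };
}

// Compare the snapshot taken when the page lost focus with the one on return.
function tabnabFindings(before, after) {
  const findings = [];
  if (before.title !== after.title) findings.push("title-changed");
  if (before.favicon !== after.favicon) findings.push("favicon-changed");
  if (!before.hasPasswordField && after.hasPasswordField) findings.push("login-form-appeared");
  const title = after.title.toLowerCase();
  for (const [brand, hosts] of Object.entries(BRAND_HOSTS)) {
    if (title.includes(brand) && !hostMatches(after.host, hosts)) findings.push("brand-host-mismatch:" + brand);
  }
  return findings;
}

// A changed title alone is normal (unread counters); require a stronger signal.
function isSuspicious(findings) {
  const mismatch = findings.some((f) => f.startsWith("brand-host-mismatch:"));
  const swapped = findings.includes("favicon-changed") && findings.includes("login-form-appeared");
  return (findings.includes("title-changed") && mismatch) || swapped;
}

// Browser wiring: "blur" also fires when another desktop window is selected.
if (typeof window !== "undefined") {
  let before = null;
  window.addEventListener("blur", () => { before = snapshot(document, location); });
  window.addEventListener("focus", () => {
    if (before && isSuspicious(tabnabFindings(before, snapshot(document, location)))) {
      console.warn("Page identity changed while unfocused; check the address bar.");
    }
  });
}
```

    The check does not depend on a password field being present, so a page that swaps in a screenshot of a login form, as the demonstration does, is still flagged by the title and host mismatch.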



    Thanks for this very important heads up devblog.



    Thanks I’ll sticky post the thread for a while so it doesn’t get buried… = )



    Thanks guys.



    You’re welcome! Dev,






    very interesting :D



    I am not sure what exactly this problem is but I ran into what appears to be exactly this problem while watching the video at the above-mentioned site. I was watching the video at that site and all of a sudden the video disappeared and I was brought back to what appeared to be a Gmail login screen but the URL was pointing to this person’s website instead of Google.

    I recommend staff check this information properly and come back with an explanation in layman terms, as to what exactly is going on here. I am getting really suspicious. This thread made me clear my browser cache, reset password and all.



    It seems you didn’t read well what I posted nor the information on the site I linked to. If you read the whole thing you would have known that what seemed to be a Google page was just a demonstration of what this “exploit” can do. The site itself is NOT harmful.

    BTW, I am not staff just a volunteer who thought to pass this along to make others aware of this type of phishing attack. Hence my recommendation at the end of the post.

    Sorry if I have some misspelled words; I’m typing this on my Droid.



    You may have a point but this website’s presentation is not that clear. It would have been one thing if the redirected screen was in the video itself, but the video redirected my browser’s page to a fake website.

    Anyways, thanks for this information, doesn’t hurt to be careful.


    As an IT person I would say that you should never ever ever leave yourself logged into anything anyway.
    It is so easy for people to hack into servers these days and if you are left logged in your user name and password can be vulnerable because far too often logins pass in unencrypted text or plain text and if you are left in and someone hacks that server they could easily get your login and password.
    However if you are logging in for short periods to edit then log off you are far less susceptible to that sort of security breach.



    Thanks for this info.
    Browse safely, DO NOT VISIT PORN SITES.



    Great advice :D



    Why not visit porn sites?! There are some very safe and cool ones.



    I thought porn sites were not safe.
    People had better buy porn DVDs rather than visiting porn sites :lol:



    What a cool trick. Too bad it’s a Sith trick. Thanks for the heads up!



    Thank you very much ^^


    Even with Firefox I’ve even tried it without changing tabs and it also does it – so it’s doubly dangerous.

    If you select a different window on the desktop (but NOT change tabs in the browser) the script still detects this and does the page-switch.

    Very intriguing. So simple as well. In pursuit to stop it at

    It’s a concern how the less savvy are going to treat (or be treated by) tabnabbing.


The topic ‘Beware of Tabnabbing’ is closed to new replies.