Tabnabbing is a phishing attack that takes advantage of an idle tab in your internet browser. When a malicious script detects that the user has moved to another tab or has been inactive for some time, it quietly refreshes the idle background tab, redirecting it to a fake login page of a seemingly legitimate website. When you click on the tab, you’ll probably assume that you opened the site yourself. If you log in, your credentials are sent to the owner of the malicious website.
To prevent tabnabbing, keep as few tabs open as possible. Check the address bar for the correct url. Look out for differences between the page and the genuine site (e.g., spelling mistakes and unusual layouts).
Tabnabbing is a social engineering attack. It depends on the victim’s attentiveness and the ability of the hacker to con the victim into believing in his malicious site.
Picture Credit : Google