Tabnabbing: Be careful if you tend to have a lot of windows open

15/04/2025

When you're browsing, close the windows you don't use! This habit that many users have is the reason why the phishing technique known as tabnabbing is becoming more common. In this new entry in the series "Protect yourself against fraud"Abre en ventana nueva, we analyze this form of cyberattack, which takes advantage of our browsing habits with multiple open tabs to impersonate legitimate web pages and steal sensitive information.

What is tabnabbing?

Tabnabbing is an advanced form of cyber fraud that exploits the trust we place in the websites we have opened ourselves. Cybercriminals stealthily modify the content of inactive tabs, replacing them with malicious replicas that perfectly mimic the original websites. When the user returns to a previously opened tab, they may encounter messages requesting to re-login due to an alleged expiration of credentials. It is at this time that attackers capture passwords and sensitive information.

How to protect yourself from tabnabbing?

To protect against these types of attacks, cybersecurity experts recommend taking a series of preventive measures:

  • Active tab management: Keep only the windows you are using open.
  • Verification of urls: thoroughly checks the web address before entering any personal or banking data.
  • Two-step authentication: activate this feature on all accounts that allow it to add an extra layer of security.
  • Using password managers: These tools can alert you if you're entering your credentials on a suspicious site.
  • Keep your browser updated: Software updates often include security patches that can protect you against new threats.

The best defense against these attacks is to always maintain a high level of caution and apply common sense when surfing the Internet. Don't let your guard down and protect your data!

 

“Disclaimer: Please note that this is a translation of the original in Spanish that has been obtained using eTranslation (the machine translation tool provided by the European Commission), with the intention of giving you a basic idea of the content in English until a human translation becomes available. The Banco de España accepts no liability whatsoever in connection with this translation.”

Did you find this information useful?