Have you opened the label for a few minutes, hours, or even all night? When you return to this tab, it is not unexpected that you need to log in again. Who eventually tracks the refresh schedule and logout timer for each page? Not us! However, this type of behavior makes web pages vulnerable on tabs. Such cyber attacks target site users who process personal information, such as e-mail providers and social media portals. Tabnapping relies on users’ trust in familiar websites, especially their indifference to the details of the tabs they open.
Note: sometimes you can see \
Distinguish between different types of phishing attacks (for example, clicking on a jump link in an e-mail) and labels. Labels are usually users who don’t know whether the label is fake. The fake login page is loaded on a tab that has been open for a long time in the browser. Most people don’t think they’ve been taken over by soft labels. Tabnapping attacks are particularly successful when attackers can see websites that users often load. You can then simulate a site where users log in regularly. Suppose you have gone to the bank website to log in. Enter the URL directly and enter the login page directly. However, you still like to perform other operations in other tabs or windows. Click the bank tab again because you are ready to log in to view your account in about an hour.
For the in tag Ping attack, before that, the browser had moved to the page pretending to be a bank page. But you will see the same page as the bank page you visited 100 times and opened earlier in the day. If you specify the target = _blankattribute for an HTML href element in the tab how it works browser, you can open an external link in a new tab or window. Unfortunately, this makes users vulnerable to tag attacks. Tabnpping is sometimes seen as a design flaw in some browsers. However, although the browser is not intentionally vulnerable to hacker attacks and operations, the design of allowing tags is intentional.
If a page is loaded and the tab is open for a long time, the browser can navigate the source of the page on the inactive tab. What should I do? This is related to the same source policy as the online security concept. This is because if the source of two web pages (host name, port number and URI scheme) is the same, the browser allows the script of one web page to access the data of another web page. The purpose of the policy is to prevent malicious activities. If there are malicious scripts on the first page, please prevent importing sensitive data from other pages. However, this security measure also makes tabs possible.
During the attack, the attacker sends a web page with target = _blankattribute and inserts a malicious link into it. If the user clicks a malicious link, a new tab opens. The hacker then changes the first tag to a fake phishing page. This is the user himself
Please pay close attention to programs and plug-ins. After installing the software, if there is a problem, please uninstall it immediately. In addition, the cache needs to be cleaned and cleared regularly to keep the browser clean and tidy. Of course, please use anti-virus software regularly. If possible, do not use public and \/ or unsafe Wi Fi.
To sum up, the tabnpping attack allows users to directly open the tag and think that the site has timed out. The original page is linked to a second page, which can recreate the original page and replace it with a purchasing site. You won’t notice that this is an alternative page because users start with a legitimate page. The page design is the same as the original page. When a user logs in to the source page, the credentials are sent to a completely different location. To protect yourself as much as possible, don’t log in to a tab you don’t have open. If you think the tag is open but temporarily inactive, return to the login page. For security reasons, close the tag, return to the website and open a new page. Please always check the URL. For other browser hijacking threats, please practice good browser hygiene. Limit and pay attention to the software you use, clear the browser cache regularly, and invest in high-quality anti-virus software. You can also read about cookie hijacking and how to prevent this from happening. Has your browser been clicked? Please tell me your opinion! Legend_art \/ Shutterstock. Recommended pictures of COM
