Tabnabbing is a phishing method in which attackers take advantage of victims’ unattended browser tabs. After hijacking an inactive tab and redirecting it to malicious URLs, an attacker can perform a phishing attack and execute scripts.
With reverse tabnabbing, on the other hand, attackers can actually rewrite the source page after a victim clicks a malicious link. Usually, this means replacing a source page with a phishing site before the victim navigates back to that original tab. Here, the redirection happens through links from the parent site to the attacker’s site.
These attacks can fool even an attentive user. Here’s how developers can take steps to prevent them.