Tabnabbing: Why You Need to Know What It Means

Taking Action
This is an archived article and the information in the article may be outdated. Please look at the time stamp on the story to see when it was last updated.

April is Digital Spring Cleaning Month, which means it’s a great time to learn about the tricks scammers are using to try and get ahold of your personal information. One new trick is called tabnabbing.

Do you have several tabs open while working or browsing online? No problem, right? Well it could be.

How many times a day do you go to different tabs to check your bank account, credit card statement or do online shopping? Hard to guess. And now, con artists have found a way to take advantage of this practice to get you to type your username and password into a fake page: tabnabbing.

Tabnabbing is a type of phishing scam where scammers switch a webpage you have open to a different, but familiar, webpage while the open tab is inactive. Con artists hope you don’t recognize the change and enter your login credentials.

The word “tabnabbing” was coined in 2010 by Aza Raskin, a security researcher and design expert. It began with Gmail being the victim of tabnabbing, but this phishing scam now can spoof any legitimate site’s login page.

This scam begins with trust, which can make it hard to detect. Modern technology allows con artists to rewrite tabs and their contents even while the tab stays inactive. Then a fake page is loaded, consumers are directed to that page to enter personal information.

So, what’s the big deal if they only get the login information for email accounts? In addition to having to reset passwords and tell everyone you have been hacked, the attackers can use access to your email to change the password on other accounts, like your bank. And remember, the con artist has seen details, such as your birth date, where you live and where you work that could possibly be used in other scams.

Let’s look at another example — if you logged into your bank account online or you check your credit card statement? If you did so using a fake web page that’s made to look like a legitimate company, then you’ve just given everything a scammer needs to access these accounts. Loss of funds, possible identity theft, charges on your credit cards are all possible.

Bottom line – before entering your credentials into a tab that you left open and seems very familiar to you, take just a second and do a double check. Ensure that it’s the true URL of the company. And remember, a good practice is to always close a tab when you are done using it.


To report a scam, go to the BBB Scam Tracker. To find trustworthy businesses, go to

Trending Stories

Latest News

More News