The Spanish National Police have drawn internet users’ attention to the growing threat associated with the habit of keeping multiple tabs open in the browser. This way of working or browsing can make users vulnerable to one of the latest types of fraud—tabnabbing.
Tabnabbing is a type of phishing in which attackers exploit inactive browser tabs. While the user is busy elsewhere, the content of one of these tabs can be replaced with a fake page that looks identical to the original. Most often, bank websites, email services, or social networks are imitated. When the user returns to the tab, they may be prompted to re-enter their login, password, or banking details under the pretext of session expiration. If the user fails to notice the substitution, they risk handing over their information to fraudsters.
There is also a reverse form of the attack: when following a link that opens a new tab, malicious code can alter the content of a previously opened page. In both scenarios, criminals count on the user’s trust in the sites they originally opened themselves.
The main danger of tabnabbing lies in the fact that the attack goes unnoticed. The user believes they are still on a familiar site and has no suspicion that their data could be intercepted. As a result, not only personal accounts but also corporate services may be at risk, especially when it comes to work computers.
Spanish police recommend minimizing the number of open tabs at the same time and closing those you are not using. It’s also important to always check the website address in the browser bar, especially if a page unexpectedly asks you to enter personal information or passwords. If the address differs from the usual one or contains suspicious characters, you should close the tab immediately.
Cybersecurity experts advise using different passwords for different services, so that if one account is compromised, the others remain protected. For storing passwords, it’s best to choose dedicated managers such as Bitwarden, 1Password, or LastPass. Additional protection is provided by two-factor authentication, which is recommended to enable wherever possible.
Another way to enhance security is to regularly update your browser. New software versions include fixes for vulnerabilities that attackers could exploit. Advanced users can also use extensions that block suspicious scripts and malicious content, such as uBlock Origin or NoScript.
Police emphasize: attentiveness and simple precautions can help prevent most attacks. Do not ignore security warnings or neglect to regularly check your open tabs. In today’s digital world, even routine actions can lead to serious problems if not given proper attention.
