💉 Reverse tab nabbing, phishing on steroids.

Are you familiar with reverse tab nabbing?

🐟 Reverse tab nabbing is a phishing technique in which a page opened in a new tab (through a link with target="_blank", or a window.open() call) uses the window.opener reference it receives to navigate the original tab to a malicious page, typically a lookalike login form. Browsers allow this write to window.opener.location even across origins. The technique is particularly vicious because the victim never clicked anything suspicious in the original tab and assumes they are still on the legitimate site they started from.

An example

To help you understand this attack, here’s a realistic scenario.

1️⃣  A victim is browsing a social network and clicks a teaser link pointing to https://legit-store.com. The link opens in a new tab with target="_blank" and no rel="noopener", so the new tab receives a window.opener reference to the social network tab.

2️⃣  The legit-store.com page (controlled by the attacker) advertises a great discount on its products.

3️⃣  While the user is reading, a script on legit-store.com sets window.opener.location, silently navigating the social network tab to an identical copy of the social network's login page hosted on an attacker-controlled domain.

4️⃣  The user closes the legit-store.com tab (the discounts weren't that interesting after all).

5️⃣  They return to the social network tab… which now shows the phishing page.

6️⃣  The unsuspecting user "logs back in", handing their credentials to the attacker. 😭