A new form of online scam known as “tabnapping” has been flagged by authorities as a growing cybersecurity threat.
According to reports, this scam targets computer users who habitually leave multiple browser tabs open over extended periods of time.
Diaspora Digital Media (DDM) gathered from a recent public warning issued by Dorset Police that fraudsters have discovered how to exploit inactive browser tabs using sophisticated scripting techniques.
The scam, which is a new variation of phishing, involves cybercriminals injecting malicious JavaScript code into inactive tabs that users have not interacted with for some time.
Once a user returns to the dormant tab, the malicious script alters the content and label of the tab to resemble the legitimate login page of a popular website.
In most cases, it mimics platforms such as online banking services, email providers, or online shopping portals.
Users, assuming their session has timed out or that they have been logged out automatically, often re-enter their login credentials into the fake interface.
These credentials are then harvested by the fraudsters, who use them to gain unauthorized access to the victim’s real accounts and commit financial fraud or identity theft.
Some scammers even display messages on the fake login screen, such as “session timed out,” to make the deception more convincing.
“This is a message that appears on legitimate websites, particularly on banks, increasing the likelihood that the user thinks the login screen is trustworthy,” a Dorset Police spokesperson explained.
Computer users are now being advised to take precautions to stay safe from this emerging threat.
Basic cybersecurity measures such as regularly closing unused tabs, using updated antivirus and anti-spyware software, and being cautious about tab behavior are strongly recommended.
Authorities also advise that when in doubt, users should avoid re-entering information into a suspicious tab.
Instead, they should close the tab completely and manually retype the official website URL into a new browser window.
Background information shows that phishing scams have evolved significantly over the past decade.
Originally, most phishing attacks were carried out via deceptive emails.
However, in recent years, cybercriminals have shifted towards browser-based attacks that exploit the habits and behaviors of everyday internet users.
As users continue to open numerous tabs for multitasking and productivity, scammers have found new opportunities to exploit their trust in previously opened pages.
Experts warn that unless the public becomes more aware of these subtle forms of deception, such scams will continue to succeed.
Maintaining strong cyber hygiene, such as keeping software updated, avoiding suspicious links, and not assuming an open tab remains secure, is now more critical than ever.
