{"id":20051,"date":"2022-02-04T10:52:59","date_gmt":"2022-02-04T10:52:59","guid":{"rendered":"https:\/\/easydmarc.com\/blog\/?p=20051"},"modified":"2025-05-28T20:26:12","modified_gmt":"2025-05-28T20:26:12","slug":"what-is-tabnabbing-and-how-it-works","status":"publish","type":"post","link":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/","title":{"rendered":"What Is Tabnabbing and How It Works"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Internet use continues to expand among the global population. Today, the world wide web is vital to <\/span><span style=\"font-weight: 400;\">millions of households<\/span><span style=\"font-weight: 400;\"> and businesses. This <\/span><a href=\"https:\/\/data.worldbank.org\/indicator\/IT.NET.USER.ZS\"><span style=\"font-weight: 400;\">enormous growth<\/span><\/a><span style=\"font-weight: 400;\"> has made information security a burning topic in recent times.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">New cyberthreats are discovered every day, and the need for organizations to implement sophisticated security measures is more vital than ever. One of the latest cyberattacks is called tabnabbing.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">While the human factor is often the weakest link in a cyberattack, tabnabbing doesn\u2019t need users to perform any action, i.e., clicking a malicious link or downloading an attachment.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this article, we\u2019ll walk you through how to <\/span><b>prevent tabnabbing.<\/b><\/p>\n<p><span style=\"font-weight: 400;\">But first, you need to understand what it means. So, <\/span><b>what is tabnabbing<\/b><span style=\"font-weight: 400;\">?<\/span><\/p>\n<h2><b>What is Tabnabbing?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Tabnabbing is a social engineering attack in the phishing category. Essentially, it manipulates inactive web pages left open in your browser. This attack redirects a legitimate page to an attacker\u2019s malicious website. Like other phishing methods, a <\/span><b>tabnabbing attack<\/b><span style=\"font-weight: 400;\"> aims to trick users into submitting their login credentials and other sensitive information.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s look at a <\/span><b>tabnabbing example<\/b><span style=\"font-weight: 400;\"> to give you a better understanding.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Suppose you\u2019re on Site A, a social media or blog page, and you click on a link with a target = \u201c_blank\u201d that redirects you to Site B.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">From Site B, an attacker then redirects Site A to a malicious page on Site C, which can be a login page that looks identical and legitimate to the one of Site A.<\/span><\/p>\n<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-large wp-image-20228\" src=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/Reverse-Tabnabbing-1024x520.png\" alt=\"graph of reverse tabnabbing\" width=\"1024\" height=\"520\" srcset=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/Reverse-Tabnabbing-1024x520.png 1024w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/Reverse-Tabnabbing-300x152.png 300w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/Reverse-Tabnabbing-768x390.png 768w, https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/Reverse-Tabnabbing.png 1052w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h3><b>What is the Same-Origin Policy?<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Let\u2019s discuss what the origin is to understand this policy better. If the host, port, and protocol are similar, the URLs are from the same origin. Most web browsers consider two URLs to be from different origins if any of these three elements are different.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Same-Origin Policy is a rule enforced by web browsers that manage data access between web applications and websites. With this policy, any website can access other web pages&#8217; Document Object Model (DOM).\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The purpose of the Same-Origin Policy is to separate websites from each other. For instance, when you\u2019re accessing Facebook.com, the webpage won\u2019t be able to access your bank login page that\u2019s open on another tab. This policy helps isolate malicious pages, thus, reducing possible attack vectors.<\/span><\/p>\n<h3><b>Tabnabbing Example<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">There\u2019s no denying that opening numerous tabs is common among users when multitasking. This makes you more susceptible to a tabnabbing attack. When you have several tabs open, it\u2019s easy for pop-ups to display without your knowledge.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">You might even think you opened the page yourself. For instance, let\u2019s assume you have your bank page open among your tabs.\u00a0<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">First, the malicious tab redirects the original bank page to a fake one with the same login interface.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">For security purposes, sensitive sites like your bank page always log you out when you\u2019re inactive for some time. So when you tab back to your bank page, you\u2019re presented with a fake login page.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">You then assume you were automatically logged out and re-enter your credentials.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The\u00a0 tabnabber now has your sensitive bank login details\u2014all without your knowledge.\u00a0<\/span><\/li>\n<\/ol>\n<h2><b>How Do Tabnabbing Attacks Work?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The first step to preventing an attack is to understand how it works. In the case of tabnabbing, there are different ways a malicious page can get the window handle to a legitimate website. Below are some of the common ways:<\/span><\/p>\n<h3><b>The \u201cMalicious Page\u201d Opens a Window<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">An attacker can create a malicious page that opens a window on your web browser via the <\/span><b><i>window.open()<\/i><\/b><span style=\"font-weight: 400;\"> method. This method opens a resource on a new or existing browsing tab.\u00a0<\/span><\/p>\n<h3><b>The \u201cGood Page\u201d Opens a Window (Reverse Tabnabbing)<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Another way to carry out a <\/span><b>tabnabbing attack<\/b><span style=\"font-weight: 400;\"> is when the legitimate page opens a window using the <\/span><b><i>window.open()<\/i><\/b><span style=\"font-weight: 400;\"> method. The attacker then uses the malicious web page to get a window handle to the legitimate website through the <\/span><b>window.opener<\/b><span style=\"font-weight: 400;\"> method.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In most cases, navigation of the opener window is possible, meaning that the open page can access a URL from the original window. This makes phishing possible as an attacker can replace the original window (i.e. the \u201cgood\u201d page) with a phishing website (i.e. the \u201cmalicious: page).\u00a0<\/span><\/p>\n<h3><b>Reverse Tabnabbing Through Links<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">When a user clicks on a link with a <\/span><b><i>target = \u201c_blank\u201d<\/i><\/b><span style=\"font-weight: 400;\">, an attacker can redirect the user to a malicious site under their control. Once you access the malicious page, it can control the original page using the <\/span><b><i>window.opener object<\/i><\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The attacker then changes the location of the original page using the <\/span><b><i>window.opener.location<\/i><\/b> <span style=\"font-weight: 400;\">so it can replace it with a fake website that resembles the original one.\u00a0<\/span><\/p>\n<h3><b>Reverse Tabnabbing Through Frames<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Another way an attacker can execute <\/span><b>reverse tabnabbing<\/b><span style=\"font-weight: 400;\"> is through frames. A website can load another web page in an iframe. Many ads work in this way. As such, a malicious page can redirect the parent page using the <\/span><b><i>window.parent <\/i><\/b><span style=\"font-weight: 400;\">property.<\/span><\/p>\n<h2><b>Why is Tabnabbing Efficient?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Unlike with other <\/span><a href=\"https:\/\/easydmarc.com\/blog\/phishing-attacks-recognize-and-avoid-email-phishing\/\"><span style=\"font-weight: 400;\">phishing methods<\/span><\/a><span style=\"font-weight: 400;\">, preventing tabnabbing attacks can be daunting. The victim doesn\u2019t need to perform any action like clicking a link or downloading an attachment. Web browsers can navigate through a page\u2019s origin in static tabs, making the attack even more efficient.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">When we use a web browser, we often open numerous tabs simultaneously and keep them open to switch between pages. When we leave a page inactive for a long time, an attacker can gain control and replace it with a fake replica.\u00a0<\/span><\/p>\n<h2><b>How to Prevent Tabnabbing Attacks<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Tabnabbing is a sneaky phishing scam that an attacker can execute in your browser without your knowledge. That doesn\u2019t mean you\u2019re helpless, though. On the contrary, you can <\/span><b>prevent tabnabbing<\/b><span style=\"font-weight: 400;\"> by implementing the following measures:<\/span><\/p>\n<h3><b>Always Check the Domain<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Before entering your login details, make sure the domain is legitimate and keep an eye out for any strange or suspicious-looking additions to the URL. Familiarize yourself with important or frequent domains you use to quickly identify any anomalies.<\/span><\/p>\n<h3><b>Use Mobile Apps Instead of Your Mobile Browser<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">Mobile browsers are notoriously targeted by tabnabbers. If you need to login into your email, e-wallet, bank, or e-commerce store account, rather use the trusted app wherever possible.<\/span><\/p>\n<h3><b>Implement a Cross-Origin Opener Policy<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">The Cross-Origin Opener Policy is a new security feature available in most browsers. This policy allows you to ensure that a top-level document doesn\u2019t share a browsing window or tab with cross-origin documents.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Cross-Origin Opener Policy or COOP restricts the ability to alter the <\/span><b><i>document.domain<\/i><\/b><span style=\"font-weight: 400;\">. Being able to alter the <\/span><b><i>document.domain<\/i><\/b><span style=\"font-weight: 400;\"> is a security loophole in the Same-Origin Policy we discussed earlier. Unlike COOP, this security flaw makes it easier for attackers to execute a tabnabbing attack.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Conversely, the COOP isolates your documents, preventing potential tabnabbers from accessing top-level windows and opening malicious sites in your browser. New tabs or windows opened via the <\/span><b><i>window.open()<\/i><\/b><span style=\"font-weight: 400;\"> property won\u2019t be able to attack the system, either.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This policy is now available in popular browsers like Google Chrome and Mozilla Firefox.<\/span><\/p>\n<h3><b>Set the rel=&#8221;noopener&#8221; Attribute to Your Links<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">If you want to link your website to other pages in new windows, the best practice is to include the<\/span><b><i> rel=\u201dnoopener\u201d<\/i><\/b><span style=\"font-weight: 400;\"> attribute to your links or a tag. Find an example below:<\/span><\/p>\n<p><b><i>&lt;a href=&#8221;https:\/\/www.example.com&#8221; rel=&#8221;noopener noreferrer&#8221;&gt;&lt;\/a&gt;<\/i><\/b><\/p>\n<p><span style=\"font-weight: 400;\">How does the \u201cnoopener\u201d attribute work?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The <\/span><b><i>\u201cnooppener\u201d<\/i><\/b><span style=\"font-weight: 400;\"> attribute instructs the web browser to navigate to the target site without granting the new browsing context access to the parent document that opened it. It sets the <\/span><b><i>window.opener<\/i><\/b><span style=\"font-weight: 400;\"> to <\/span><b>\u201cnull<\/b><span style=\"font-weight: 400;\">.<\/span><b>\u201d<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is crucial when opening untrusted sites to prevent tampering with the original web page via the <\/span><b><i>window.opener<\/i><\/b><span style=\"font-weight: 400;\"> property.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Though the<\/span><b><i> \u201cnoreferrer\u201d<\/i><\/b><span style=\"font-weight: 400;\"> is not related to tabnabbing, it\u2019s the best practice, and you can also adopt it. The<\/span><b><i> \u201cnoreferrer\u201d <\/i><\/b><span style=\"font-weight: 400;\">prevents data from a user browser\u2019s URL from leaking to other websites.\u00a0\u00a0<\/span><\/p>\n<h3><b>Sandbox Your Frames<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">An excellent preventive measure against tabnabbing from websites you load in the iframe is to sandbox the frame using the <\/span><b><i>sandbox <\/i><\/b><span style=\"font-weight: 400;\">attribute as indicated below.\u00a0<\/span><\/p>\n<p><b><i>&lt;iframe sandbox=&#8221;allow-scripts allow-same-origin&#8221; src=&#8221;https:\/\/www.example.com&#8221;&gt;&lt;\/iframe&gt;<\/i><\/b><\/p>\n<p><span style=\"font-weight: 400;\">The <\/span><b><i>sandbox <\/i><\/b><span style=\"font-weight: 400;\">attribute is an <\/span><b>HTTP Content-Security-Policy (CSP)<\/b><span style=\"font-weight: 400;\">\u00a0 directive that restricts a page\u2019s actions (including popups), enforces a same-origin policy, and prevents the execution of scripts and plugins.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So when you open a new tab in an iframe, the sandbox prevents the new window from redirecting its parent page.\u00a0<\/span><\/p>\n<h3><b>Implement an Isolation Policy<\/b><\/h3>\n<p><span style=\"font-weight: 400;\">One recent browser\u2019s feature is the <\/span><b><i>fetch metadata<\/i><\/b><i><span style=\"font-weight: 400;\">\u2014<\/span><\/i><span style=\"font-weight: 400;\">an HTTP request header that provides the browser with additional information about the context from which the request originates from.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">With this request header, you can implement an isolation policy that allows external sites to only request data that are intended for sharing, and used appropriately. This isolation policy is an effective security measure to prevent cross-site threats like <\/span><b>tabnabbing attacks<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This policy is not yet supported by browsers like Safari and Firefox. But you can still implement it in a fully backward compatible way to enjoy its benefits on unsupported browsers.<\/span><\/p>\n<h2><b>Final Thoughts<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Tabnabbing is a dangerous threat which can be difficult to prevent. However, we\u2019ve discussed simple security measures you can implement to protect your web browser from tabnabbers.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Ensure you implement a cross-origin opener policy and add the rel=\u201dnoopener\u201d attribute to the links on your website. Also, don\u2019t forget to implement a resource isolation policy and add sandbox attributes to iframes on your website.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As with all other phishing types, cybercriminals can target anyone. So organizations must educate their employees to identify and defend against any form of phishing attacks.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Internet use continues to expand among the global &#8230;<\/p>\n","protected":false},"author":5,"featured_media":20222,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[204,290,199],"tags":[],"class_list":["post-20051","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-cyberattacks-cyberthreats","category-cybersecurity"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>What Is Tabnabbing and How It Works | EasyDMARC<\/title>\n<meta name=\"description\" content=\"What is tabnabbing? It&#039;s a phishing attack with a funny name and dire consequences. Here we cover tabnabbing examples and how it works.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What Is Tabnabbing and How It Works\" \/>\n<meta property=\"og:description\" content=\"What is tabnabbing? It&#039;s a phishing attack with a funny name and dire consequences. Here we cover tabnabbing examples and how it works.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/\" \/>\n<meta property=\"og:site_name\" content=\"EasyDMARC\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/EasyDMARC\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-04T10:52:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-28T20:26:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1440\" \/>\n\t<meta property=\"og:image:height\" content=\"910\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Hasmik Khachunts\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@easydmarc\" \/>\n<meta name=\"twitter:site\" content=\"@easydmarc\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Hasmik Khachunts\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/\"},\"author\":{\"name\":\"Hasmik Khachunts\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ee4f162a98bccc5ff8b6fefdfaf245c\"},\"headline\":\"What Is Tabnabbing and How It Works\",\"datePublished\":\"2022-02-04T10:52:59+00:00\",\"dateModified\":\"2025-05-28T20:26:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/\"},\"wordCount\":1630,\"publisher\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg\",\"articleSection\":[\"Blog\",\"Cyberattacks and Cyberthreats\",\"Cybersecurity\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/\",\"name\":\"What Is Tabnabbing and How It Works | EasyDMARC\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg\",\"datePublished\":\"2022-02-04T10:52:59+00:00\",\"dateModified\":\"2025-05-28T20:26:12+00:00\",\"description\":\"What is tabnabbing? It's a phishing attack with a funny name and dire consequences. Here we cover tabnabbing examples and how it works.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#primaryimage\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg\",\"contentUrl\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/02\\\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg\",\"width\":1440,\"height\":910,\"caption\":\"08.02 What is Tabnabbing and How it Works\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/what-is-tabnabbing-and-how-it-works\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cybersecurity\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/cybersecurity\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Cyberattacks and Cyberthreats\",\"item\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/category\\\/blog\\\/cybersecurity\\\/cyberattacks-cyberthreats\\\/\"},{\"@type\":\"ListItem\",\"position\":5,\"name\":\"What Is Tabnabbing and How It Works\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/\",\"name\":\"EasyDMARC\",\"description\":\"Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/#organization\",\"name\":\"EasyDMARC\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/easydmarc.com\\\/img\\\/logo.png\"},\"image\":{\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/EasyDMARC\\\/\",\"https:\\\/\\\/x.com\\\/easydmarc\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/easydmarc\\\/mycompany\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/#\\\/schema\\\/person\\\/1ee4f162a98bccc5ff8b6fefdfaf245c\",\"name\":\"Hasmik Khachunts\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/556e30ecef3fde7f1400ab37fa210642b14cd1a6cf57ae3d669996eb5324fc9e?s=96&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/556e30ecef3fde7f1400ab37fa210642b14cd1a6cf57ae3d669996eb5324fc9e?s=96&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/556e30ecef3fde7f1400ab37fa210642b14cd1a6cf57ae3d669996eb5324fc9e?s=96&r=g\",\"caption\":\"Hasmik Khachunts\"},\"url\":\"https:\\\/\\\/easydmarc.com\\\/blog\\\/author\\\/hasmik\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What Is Tabnabbing and How It Works | EasyDMARC","description":"What is tabnabbing? It's a phishing attack with a funny name and dire consequences. Here we cover tabnabbing examples and how it works.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/","og_locale":"en_US","og_type":"article","og_title":"What Is Tabnabbing and How It Works","og_description":"What is tabnabbing? It's a phishing attack with a funny name and dire consequences. Here we cover tabnabbing examples and how it works.","og_url":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/","og_site_name":"EasyDMARC","article_publisher":"https:\/\/www.facebook.com\/EasyDMARC\/","article_published_time":"2022-02-04T10:52:59+00:00","article_modified_time":"2025-05-28T20:26:12+00:00","og_image":[{"width":1440,"height":910,"url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg","type":"image\/jpeg"}],"author":"Hasmik Khachunts","twitter_card":"summary_large_image","twitter_creator":"@easydmarc","twitter_site":"@easydmarc","twitter_misc":{"Written by":"Hasmik Khachunts","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#article","isPartOf":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/"},"author":{"name":"Hasmik Khachunts","@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/person\/1ee4f162a98bccc5ff8b6fefdfaf245c"},"headline":"What Is Tabnabbing and How It Works","datePublished":"2022-02-04T10:52:59+00:00","dateModified":"2025-05-28T20:26:12+00:00","mainEntityOfPage":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/"},"wordCount":1630,"publisher":{"@id":"https:\/\/easydmarc.com\/blog\/#organization"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#primaryimage"},"thumbnailUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg","articleSection":["Blog","Cyberattacks and Cyberthreats","Cybersecurity"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/","url":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/","name":"What Is Tabnabbing and How It Works | EasyDMARC","isPartOf":{"@id":"https:\/\/easydmarc.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#primaryimage"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#primaryimage"},"thumbnailUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg","datePublished":"2022-02-04T10:52:59+00:00","dateModified":"2025-05-28T20:26:12+00:00","description":"What is tabnabbing? It's a phishing attack with a funny name and dire consequences. Here we cover tabnabbing examples and how it works.","breadcrumb":{"@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#primaryimage","url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg","contentUrl":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg","width":1440,"height":910,"caption":"08.02 What is Tabnabbing and How it Works"},{"@type":"BreadcrumbList","@id":"https:\/\/easydmarc.com\/blog\/what-is-tabnabbing-and-how-it-works\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/easydmarc.com\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/"},{"@type":"ListItem","position":3,"name":"Cybersecurity","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/cybersecurity\/"},{"@type":"ListItem","position":4,"name":"Cyberattacks and Cyberthreats","item":"https:\/\/easydmarc.com\/blog\/category\/blog\/cybersecurity\/cyberattacks-cyberthreats\/"},{"@type":"ListItem","position":5,"name":"What Is Tabnabbing and How It Works"}]},{"@type":"WebSite","@id":"https:\/\/easydmarc.com\/blog\/#website","url":"https:\/\/easydmarc.com\/blog\/","name":"EasyDMARC","description":"Blog","publisher":{"@id":"https:\/\/easydmarc.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/easydmarc.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/easydmarc.com\/#organization","name":"EasyDMARC","url":"https:\/\/easydmarc.com\/","logo":{"@type":"ImageObject","url":"https:\/\/easydmarc.com\/img\/logo.png"},"image":{"@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/EasyDMARC\/","https:\/\/x.com\/easydmarc","https:\/\/www.linkedin.com\/company\/easydmarc\/mycompany\/"]},{"@type":"Person","@id":"https:\/\/easydmarc.com\/blog\/#\/schema\/person\/1ee4f162a98bccc5ff8b6fefdfaf245c","name":"Hasmik Khachunts","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/556e30ecef3fde7f1400ab37fa210642b14cd1a6cf57ae3d669996eb5324fc9e?s=96&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/556e30ecef3fde7f1400ab37fa210642b14cd1a6cf57ae3d669996eb5324fc9e?s=96&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/556e30ecef3fde7f1400ab37fa210642b14cd1a6cf57ae3d669996eb5324fc9e?s=96&r=g","caption":"Hasmik Khachunts"},"url":"https:\/\/easydmarc.com\/blog\/author\/hasmik\/"}]}},"jetpack_featured_media_url":"https:\/\/easydmarc.com\/blog\/wp-content\/uploads\/2022\/02\/08.02-What-is-Tabnabbing-and-How-it-Works_.jpg","_links":{"self":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/20051","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/comments?post=20051"}],"version-history":[{"count":1,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/20051\/revisions"}],"predecessor-version":[{"id":48017,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/posts\/20051\/revisions\/48017"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/media\/20222"}],"wp:attachment":[{"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/media?parent=20051"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/categories?post=20051"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/easydmarc.com\/blog\/wp-json\/wp\/v2\/tags?post=20051"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}