How Can I Avoid Having My Gmail Account Compromised By A Tabnapping Attack?

If you have been using the internet for any length of time then you know that the one thing that is a constant is that new forms of cyber attacks are always evolving.

There are new attacks invented every day but only a small minority of them change the world.

There is one new attack, however, that is rising up the ranks because of how effective it is.

That attack is called tabnabbing and it uses a mixture of both technical skills and social engineering to perform a phishing attack.

beware of tabnapping attacks


The first thing that it does is to have you visit a web page that seems normal.

When you look at the page you will see nothing out of the ordinary.

The attack doesn’t happen while you are on the page though, it happens after you leave.

Once the JavaScript on the page sees that you have switched to another tab it will change the favicon, that is the little picture on the top of your browser that has the web pages logo on it, to the Gmail logo.

It then refreshes the page that you were on to look like the login for your Gmail account.

Since you are not expecting the attack, you probably think that this is your normal login so when you want to check your email account you will use this page to gain access to your email.

But, instead of logging in to Gmail, you are actually giving the bad guys your password and username.

They will be able to get into your account at a later date.

How To Avoid Tabnapping

There are several ways that you can avoid becoming a victim of an attack like this.

The first thing is that now that you know about it, if you have any questions on whether you opened gmail in your browser or not, shut the page off.

Type in the gmail page yourself so there will be no chance that you are attacked.

Your common sense will give you a greater defence against this attack than any software security product will.

Of course, having a good antivirus program installed is always recommended though and you should ensure that you always update whichever program you use.

Most antivirus vendors are aware of the attack so they have updated their antivirus signatures to be aware of it when it happens.

You should see a pop up telling you that it stopped an attack from happening on your system.

Once you see that, you know not to go to that web page ever again.

This attack is very slick as far as implementation and delivery goes.

This could fool even the most careful of security experts but the one thing about this attack is that once you know about it, it is quite easy to avoid.

So make sure that you are on the lookout for something like this happening and you and your email account will be safe.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. I believe i saw where the Firefox addon NoScript protects a user from

Speak Your Mind