What Is Reverse Tabnabbing and How Can You Prevent It?
Web platforms are connected through links. Users navigate from one page to another by clicking links to content of interest. This enhances the user experience and impacts search engine optimization (SEO). But it all goes south when cybercriminals step onto the scene.
Attackers can place malicious external links on your web pages to redirect users to their sites and then compromise their accounts through reverse tabnabbing. Your reputation is at stake when people are exposed to threats on your platform. Take control of your security by learning how reverse tabnabbing attacks work and how to prevent them.

What Is Reverse Tabnabbing?
Reverse tabnabbing occurs when you click a link on a legitimate website only to find the link redirects you to a malicious website in a new tab. In this devious type of phishing attack, the trickster sends you to a fabricated site which looks like the original site. There’s a tendency for you to believe you are still on the original site and follow their instructions because you think you are in safe hands.
How Does Reverse Tabnabbing Work?
Reverse tabnabbing happens on websites that allow users to post external links in the comments sections. Otherwise, intruders wouldn’t be able to publish links on sites they don’t control.
Let’s play out how a typical reverse tabnabbing attack works.

You are browsing on example.com, for instance. As you read through the comments, you come across one that catches your attention. The poster is probably promoting a service or product you find interesting. There’s a link in their post, and you click it out of curiosity.
A new tab opens on your browser upon clicking the link. The page looks like the original page where you saw the comment. There’s some information on the new tab. You read it and it pricks your curiosity.

A login interface pops up, requesting that you log in to continue your browsing session. You are taken aback for a second because you remember entering your login details in example.com earlier, but you shake it off thinking the page is requesting your login information again due to a network glitch.
You proceed to enter your login credentials and the rest is history. The attacker uses your information to access your account on the legitimate website, which can lead to sensitive data exposure and breach.

How Can You Prevent Reverse Tabnabbing Attacks?
Reverse tabnabbing takes advantage of the legitimacy of an authentic web page. Since the victim has some level of trust in the website they are browsing, they go on to enter their details on the opening page.
As a network owner, you can secure your web browser and prevent reverse tabnabbing attacks in the following ways.

Configure Noopener Commands to Block Access
A noopener is an HTML attribute you can use to secure your web pages against external malicious pages. You configure your browser to add the code to external links on your web pages while it processes the links. As users open third-party links, the code will nullify the attacker’s attempts to access your page through their malicious page.
Even if the intruder successfully collects users' login credentials on their fake page, the information will be useless because they can’t access your own page. Any actions on the fake page will have no impact on your website.
The rise of reverse tabnabbing attacks made WordPress create the noopener tag as a default automatic feature on their sites. If you are hosting your site on WordPress, you are covered from this attack to a large extent.
There are misconceptions about the noopener tag harming a website’s search engine optimization (SEO) but that’s not true. It’s a security measure that focuses on browsers with no impact on traffic.
Implement Noreferrer Tags to Protect Your Identity
Noreferrer is like noopener: you could use it to prevent the new tabs that users open via external links on your site from accessing your web content. It offers extra layers of security by blocking the new tab from seeing your identity.
Noopener prevents the new tab from accessing your website, but the attacker can still see that the traffic was from your place. That information is valuable to threat actors as they can use it to plan further attacks. In noreferrer, there’s no record or link to your website even though the traffic is generated from there.
Noreferrer doesn’t affect your SEO negatively, but it affects your link-building, especially if you are trying to increase your platform’s authority and ranking in search engines. The more you link to high-ranked sites, the higher your ranking grows. Noreferrer nullifies all links even when you link to credible sites.
Just like the noopener attribute, noreferrer is an automatic feature on WordPress. This automatically impacts your inbound strategy to increase your ranking by linking to authority sites.
Use No Follow Attributes to Disassociate From Malicious Sites
When you link to other sites on your page, you endorse those sites and direct search engines to boost their rankings. The same thing happens when other sites link to yours. But with unsolicited and malicious links being on your site, you don’t need to approve every link.
Threat actors also use tabnabbing to increase their ranking and traffic. You could be helping them grow their network if you don’t add a no follow attribute to external links.
If your website ranks high in search engines, other sites you link to will benefit from its ranking. But when you use a no follow attribute, you disassociate yourself from external links you don’t trust and inform search engines that you don’t want them to benefit from your ranking.
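The three link attributes above are applied as values of an anchor's rel attribute. The following is an added example, not code from the original article or from WordPress: a Python filter that rewrites user-submitted comment HTML so every off-site link carries noopener, noreferrer and nofollow. The names harden_links and LinkHardener and the host example.com are assumptions, and the input is assumed to have already passed a tag allow-list (HTML comments are dropped on output).

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

REQUIRED_REL = ("noopener", "noreferrer", "nofollow")

class LinkHardener(HTMLParser):
    """Re-emit comment HTML, adding rel tokens to links that leave site_host."""

    def __init__(self, site_host):
        super().__init__(convert_charrefs=True)
        self.site_host, self.out = site_host.lower(), []

    def is_external(self, href):
        try:
            parts = urlsplit((href or "").replace("\\", "/"))
        except ValueError:
            return True  # unparseable URL: fail closed and harden it
        if parts.hostname == self.site_host:
            return False
        return bool(parts.scheme or parts.netloc)  # relative paths stay internal

    def emit(self, tag, attrs, close=""):
        first = {}
        for name, value in attrs:  # browsers honour the first duplicate attribute
            first.setdefault(name, value)
        if tag == "a" and "href" in first and self.is_external(first["href"]):
            rel = (first.pop("rel", None) or "").lower().split()
            first["rel"] = " ".join(rel + [t for t in REQUIRED_REL if t not in rel])
        rendered = "".join(
            f" {k}" if v is None else f' {k}="{escape(v, quote=True)}"'
            for k, v in first.items())
        self.out.append(f"<{tag}{rendered}{close}>")

    def handle_starttag(self, tag, attrs):
        self.emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self.emit(tag, attrs, close=" /")

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def harden_links(comment_html, site_host):
    """Return comment_html with every off-site link carrying REQUIRED_REL."""
    parser = LinkHardener(site_host)
    parser.feed(comment_html)
    parser.close()
    return "".join(parser.out)
```

Run it at save or render time on anything users can post; links to your own host and relative links are left untouched so internal linking is unaffected.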
Adopt Cross-Origin Opener Policy to Isolate Pages
Cross-origin opener policy (COOP) is a browser-focused security measure that enables you to segment the pages of your browsing content group so your pages don’t undergo the same processing as suspicious pages. This isolation prevents attackers from accessing the data on your own pages.
COOP is an effective way to prevent reverse tabnabbing attacks as your browser processes the opening page separately with no connection to the page where the link was clicked on.
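COOP is delivered as the Cross-Origin-Opener-Policy HTTP response header on your own pages. The following is an added example, not code from the original article: a small WSGI wrapper that adds the header with the value same-origin to HTML responses that do not already set it. The names with_coop, comment_page and response_headers are assumptions, and comment_page is a constructed stand-in for a page that displays user comments.

```python
COOP = "Cross-Origin-Opener-Policy"

def with_coop(app, policy="same-origin"):
    """Wrap a WSGI app so HTML responses carry a COOP header if none is set."""
    def wrapped(environ, start_response):
        def patched(status, headers, exc_info=None):
            lower = {name.lower(): value for name, value in headers}
            is_html = lower.get("content-type", "").lower().startswith("text/html")
            # Keep a policy the application chose itself; only fill the gap.
            if is_html and COOP.lower() not in lower:
                headers = list(headers) + [(COOP, policy)]
            return start_response(status, headers, exc_info)
        return app(environ, patched)
    return wrapped

def comment_page(environ, start_response):
    # Constructed sample app: serves HTML and sets no COOP header (the weak case).
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8")])
    return [b"<p>comments...</p>"]

def response_headers(app):
    """Call a WSGI app once and return the headers it sent, as a dict."""
    sent = {}
    def start_response(status, headers, exc_info=None):
        sent.update(headers)
    list(app({"REQUEST_METHOD": "GET", "PATH_INFO": "/"}, start_response))
    return sent
```

Comparing response_headers(comment_page) with response_headers(with_coop(comment_page)) shows the page before and after the policy is applied.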
Prevent Reverse Tabnabbing With Proactive Security
Reverse tabnabbing is a form of social engineering attack where the actor manipulates the user to take harmful actions. While it’s important that people cultivate a healthy cybersecurity culture to avoid falling prey to cybercriminals' antics, you need to secure your system to push back even when users make a mistake.
By making a proactive effort, you retain some level of control instead of allowing the bad guys to take you by surprise.