Hackers use tab nabbing scam to steal information
It’s the age of technology computers so more and more tasks are being rerouted to the internet to be done.
With more things going online, that means more online scams. One type of internet scam first popped up around 10 years ago and is now resurfacing once again: tab nabbing.
Many people do things like check their bank accounts, credit cards, pay bills and shop online – and often, do so simultaneously. The more open tabs, the more open doors for hackers to steal your information.
Tab nabbing is where hackers can hijack your open browsers and redirect them to a fake site. It’s a type of phishing scam that involves hackers to rewrite tabs and their contents while the tab stays inactive. Then a fake page is loaded that looks legitimate, and users are directed to enter their information. That sends the information straight to the hackers.
This is especially problematic for sites like banking, where they automatically go inactive after a certain amount of time.
“Usually after about 30 minutes of inactivity, it will log you off and it will come up with a message saying to log back on,” described Chris Sorensen, chief information officer and head of the information technology department for the city of Pocatello. “Well, the bad guys have figured out to make that, when you log back on, go to their site versus to your bank or wherever you want to go.”
Hackers will get your bank and other financial information, your email, your usernames and passwords, maybe even other personal details.
Sorensen said they don’t even need to get it all from one site – they can piece bits of information about you together from several sites, including social media.
“They go to your social media sites, they find out your birth date, they find out your maiden name, they find out who you’re married to, and little by little, they start getting all of the questions that you’ve answered for your security questions,” Sorensen said. “Where were you born? Where did you go to high school? Unfortunately, a lot of people put that out on their social media sites.”
Hackers getting any of that information could cost you thousands of dollars, your good credit, maybe even your entire identity.
“When you’re banking, when you’re buying anything online, it should be a secure site,” Sorensen said. “And you can tell it’s a secure site because it begins with ‘https.’ There will be that ‘s,’ which stands for secure. If that’s not there when you type in your user name and password, it’s going out in the clear and anybody can intercept it out there. Also, there’s usually a little padlock in the left hand corner on the URL that will tell you it’s a secure site.”
Sorensen said some other tips to watch for: watch for slight misspellings or other hard to catch mistakes in the URL. The hackers will make it look as realistic as possible, but look carefully.
If a link does look weird, or you’re unsure about a page, copy the link into a new tab or browser and see if it’s legitimate.
He said also be careful and limit what you put on social media. Sorensen also recommends having a different password for each site, so that if hackers gain access to one login, they won’t get them all. He said find a secure software, or other method, to keep track of your usernames and passwords if you can’t remember them all.
Sorensen said you can also use two factor authentication. That’s an added security measure that requires a code to be sent to your phone to be used to login with a username and password. That way, a hacker would not have the code, even if they had the login.
The Better Business Bureau also recommends closing all your tabs after use, and closing them and reopening them if you haven’t looked at that tab for awhile.
Sorensen also adds to make sure that your computer software and internet security are always up to date as well. He said many sites will catch tab nabbing, but not always.
Both the BBB and Sorensen just recommend being vigilant when online so that you don’t fall victim to any online scam. Especially before entering any type of information into a website, double check that it’s legitimate.
More information on tab nabbing can be found at the BBB’s website here.
