Click any word in a definition or example to find the entry for that word
the criminal activity of stealing an Internet user's personal information by substituting a fake web page at an inactive tab during an Internet browsing session
'Tab napping works on the user's assumption that a tabbed web page stays the same when other Internet services are being accessed. Raskin said that if a fake page 'updates' when the user isn't looking, when they return to the tab they will simply presume they left a web page open, and log in as normal.'The Inquirer 26th May 2010
'The tab nappers wait for their chance and silently replace the original tab in which the user may have been working, particularly if they relate to a bank account. The culprits replace the original tab with a fake one …'The Statesman 22nd June 2010
'You switch to another tab for a few seconds, and when you return to the bank's site it looks exactly like how you left it. So you happily enter your login details and, before you know it, you've been tabnapped.'DigitalOne 15th June 2010
Anyone who regularly uses the Internet can't fail to appreciate the convenience of tabbed browsing. Gone are the days when we had to endlessly press 'back' and 'forward' arrows to navigate our way through the web pages we were interested in. Now we can open them all up in tandem, happily hopping our way back and forth between them – webmail, a personal blog, an article from yesterday's newspaper, all sitting there, side-by-side. Unfortunately however, just like many other helpful innovations which have been tainted by a criminal minority, the phenomenon of tabbed browsing has paved the way for a new security threat described in recent months as tab napping.
the phenomenon of tabbed browsing has paved the way for a new security threat described in recent months as tab napping
Most Internet users have by now wised up to the security threat known as phishing, which involves tricking people into handing their personal details over to fraudsters by sending them an e-mail which directs them to a fake website. Phishing e-mails aren't difficult to spot these days, often betraying their lack of authenticity by tell-tale deficiencies in wording. Fraudsters therefore need to find new way of catching people out, and it seems that they have done so by capitalizing on patterns of behaviour in the course of tabbed browsing.
Imagine you open up a web browser and decide to check your bank balance, so you go to the login screen of your bank. Distracted for a moment or two, you open up another tab so you can check out today's weather forecast, where you dawdle a short while to catch up on the latest news. On returning to the bank's login screen, you happily enter your details – all well and good – maybe? What if, without you realizing, the bank's login screen had been replaced by a fake version whilst you weren't looking? You'd be inadvertently submitting your personal details to fraudsters, and have fallen prey to the scam of tab napping.
Scam artists using this technique, dubbed tab nappers, have developed a program that can change inactive web pages. While you're not looking at it, the inactive tab morphs into something that looks exactly like the page you were using, but is in fact entirely bogus, and if you enter your details, they'll fall into the wrong hands – you'll have been tabnapped.
The expression tab napping was coined in early 2010 by Aza Raskin, a Californian Internet security researcher and design expert who was the first to identify the problem. The term quickly spawned derivatives tab napper for perpetrators and transitive verb tabnap, usually appearing in passive form as in be/get tabnapped.
Tab napping is formed from a blend of the words tab and kidnapping (= the act of illegally taking someone prisoner, usually in an attempt to get money from someone). In the expression, the word tab refers of course to one of multiple web pages opened within a browser. Though this is undoubtedly one of the most common senses of tab used today, printed dictionaries have been slow to acknowledge it, still generally concentrating on the traditional senses of tab such as the flap of material, key on a keyboard, bill in a restaurant, etc. The latest edition of the Compact Oxford Dictionary does cover this newer sense however, defining it as 'a second or further document or page that can be opened on a spreadsheet or Internet browser'.
A lexical variant tab nabbing is also sometimes used, based on the verb nab which describes the action of quickly taking something, usually to gain an advantage.
Read last week's BuzzWord. Upcycle.
This article was first published on 25th October 2010.
to post a tweet, usually a negative one, that mentions a person without using the @ sign, so that they will not see the message on their Twitter feed …add a word