Fraudsters are replacing inactive webpages with a fake page to get at your login details.
YOU want to pay bills online and decide to load your bank's login page in one of the multiple tabs opened in your Web browser.
You switch to another tab for a few seconds, and when you return to the bank's site it looks exactly like how you left it.
So you happily enter your login details and, before you know it, you've been "tabnapped".
Beware tab-napping, a sly tactic fraudsters are now using to phish for personal information by replacing an inactive webpage with a fake page.
Phishing is the act of stealing sensitive information by posing as a legitimate source.
Tab-napping was highlighted last month by Mr Aza Raskin, creative head of Mozilla Firefox, in a blog post that demonstrated how scammers attack unsuspecting users.
For instance, when you navigate away from his website to another tab and then return to the site, the screen switches to an innocent- looking Gmail login page.
"The script waits for a predetermined period of inactivity before changing the display of the inactive tab to resemble the webpage of one of those sites and asks for login credentials."
Mr Raskin added that some scammers go a step further by tricking users into re-authenticate their login details, ostensibly to reactivate an expired session.
He warned that such re-authentication happens often on bank websites, making them "even more susceptible to this kind of attack".
While financial websites are often targets, users of popular social- networking site Facebook should beware as it is fast becoming a favourite phishing target.
Mr Paul Ducklin, head of technology (Asia-Pacific) of IT security firm Sophos, said the easiest way to avoid these scammers is to open the bank site in a tab of its own only when you want to start banking.
He said: "That way, there is never a hidden tab in which the bad guys can change things in the background.
"Likewise, close your browser when you have finished a transaction... There will then be no 'trusted tabs' left behind to confuse you in the future."
For more my paper stories click here.