Tabbed browsing has been around for quite a while now, allowing users to switch between dozens of websites whilst keeping the task bar clutter free. One 2009 study discovered that users switch tabs at least 57.4% of the time, 36% of users opening new tabs for search engine use.
It’s become common practice for internet users to login to several websites at once using the tab method. A recent study of Firefox users by Mozilla revealed the following reasons for using tabbed browsing:
– To act as a reminder to do something later
– Opening many document/search links at once
– As a substitute for the back button
– Keeping frequently used sites open
– Temporary bookmarks
The study also found that an average of 73.3% of tab switches were revisits.
All of this would simply be an interesting way of looking at internet browsing if it weren’t for one small detail. Cyber-criminals are exploiting the system.
During a typical day in the office, you may have several applications that require a login open at once. Let’s say you have Google, LinkedIn, Twitter, BBC News and Amazon open. You’re in the middle of looking for something on Amazon, when someone asks you to find an article for them, so you switch to Google and carry out a search. After a while, you switch back to Amazon and are confronted not with the page you were previously on, but with the login page. No problem, you’ve obviously just been kicked out of the site and just need to log back in. That’s what many would assume, and that is the assumption that phishers are playing on.
It’s important to remember that when we fill out online forms and submit login details, we are entrusting our information to an organisation outside our control. It’s not enough just to trust these organisations to protect our data. We need to make sure we do, too.