A target="_blank" link without rel="noopener noreferrer" gives the opened tab access to window.opener, allowing it to silently redirect the original tab to a phishing page.
Collector Log
Activating the link below sends a hit to /collect/. It appears here (auto-refreshes every 2 s).
No hits yet.
This link opens in a new tab without rel="noopener noreferrer". The opened tab has access to window.opener and can redirect this tab.
Click the link, then watch this tab — the tabnabbing target page will attempt to redirect it to /collect/tabnapped.