News Stay informed about the latest enterprise technology news and product updates.

Phishing attack uses pop-up message on bank sites

PhishingResearchers at security vendor Trusteer have discovered a new phishing method that forces pop-up login messages to appear on legitimate banking websites.

The messages trick users into giving up passwords, account numbers and other sensitive information. Sometimes the messages appear after they have logged into an online banking or other financial website, Trusteer said.

Trusteer issued an advisory on their find. The technique is called Session Phishing, and is used after attackers inject malicious code into major browsers.

Trusteer CTO Amit Klein said the method makes phishing attacks more likely to be successful because they try to trick people after they have logged into a legitimate website. Klein said the major browser makers have been notified.

I can see how the phishing attack can easily trick people. Trusteer said the pop-up window sometimes requests the user to retype their username and password because the session has expired. How many times have you had that happen? It sometimes also asks users to complete a customer satisfaction survey or participate in a promotion. I typically stay away from those and so should you.

Two researchers recently wrote a report outlining how phishers are failing to make a ton of money. The report, which we wrote about last week, said there were too many phishers driving down the price cybercriminals pay for stolen information. There’s varying opinions on this report and some are immediately doubting it because it came from Microsoft Research. More on that in another post.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close