New Phishing Technique Exploits Browser Bug
Researchers at Trusteer, a security company, has warned of a new "in-session phishing" attack that could become active by exploiting a loophole discovered in all dominant browsers. This loophole could allow cyber criminals to capture users' Internet banking credentials.
According to the news report, the sophisticated phishing attack could be launched to insert bogus information queries into the popular browsers as well as many famous Internet applications like electronic brokerage and banking systems. Basically, the malicious attack technique deceives users' into giving away their information after they logged into different websites.
Evidently, this new phishing method enables scammers to make fresh victims.
A conventional phishing attack includes criminals sending a huge number of fake e-mails that pose to arrive from established organizations or institutions like online payment firms or banks. Often anti-spam software filters and blocks these phony e-mails. But in the case of 'in-session phishing', the fraudulent e-mails are taken out and replaced with a pop-up window of the browser.
The new technique involves compromise of a legitimate website by scammers and injecting HTML code that appears as the pop-up window giving a security alert. This pop-up would ask the user to feed in his password and other log-in details, and probably answer the security questions that banks use to confirm their customers' identity.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 28-01-2009