While online banking sites may appear to be more secure than most sites, some cybercriminals are apparently taking advantage of that idea and sending phony popup messages when users are logged into their account.
The in-session phishing attack asks the user to retype their username and password under the guise of their online banking session expiring, DarkReading.com reports. This may be particularly successful since many banks, such as Bank of America, have a set time for banking sessions and will log users off for security reasons.
Researchers said evidence of the attack in the wild hasn't been seen, but they "have witnessed precursors to it," according to the article.
Cybercriminals use malicious JavaScript to see the banking site URL where the victim is logged in and then generates a popup message posing as the bank, states DarkReading.com. The popup can also be a customer satisfaction survey or a special promotion.
Wednesday, January 21, 2009
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment