Links
- Other Posts
- Conficker Worm
- Federal Reserve Bank Phishing Emails
In-Session Phishing
Security researchers have found yet another new technique phishers are using to collect user information. The new method is called “in-session phishing” and involves creating a pop-up requesting the user to re-enter username and password information for an already open banking session. First, the site hosting the malicious code will try to detect whether the user has an open banking session. The malicious site then will create a pop-up that indicates that the banking session has expired and the user credentials must be entered again. Information then typed into the malicious pop-up will be recorded by the phishers. Researchers also have stated that the pop-up may be cleverly masked and also can come in the form of customer satisfaction surveys or advertisements. Since the site is not technically injecting code or files onto the user’s machine, this type of attack will be harder to detect than normal trojans or viruses.
This type of phishing attack can be avoided with some basic user awareness and oversight. Key suggestions include the following.
- Always remember to keep browsers and operating systems at the current patch level, as a lot of malicious activity exploits known weaknesses in applications.
- Also, always remember to log out of online banking sessions when finished.
- It is also a good idea to try to make a habit of not having other “tabs” open as well, if you browser supports tabbed browsing (Firefox, IE 7-8).
- And, as always, remember not to click or follow any links presented in a pop-up. Legitimate sites are aware that pop-ups are popular attack methods and will try to limit the amount of pop-ups created for important functions.
- Disabling pop-ups through the browser settings may also be a good idea, as this will block all pop-ups, yet legitimate pop-ups still can be visited using simple keystrokes (usually CTRL+click).
Related Links:
- Dark Reading (http://www.darkreading.com/security/attacks/showArticle.jhtml;jsessionid=UUO2RZHX1HU4MQSNDLPSKH0CJUNN2JVN?articleID=212900161)
- Trusteer Researchers Advisory (http://www.trusteer.com/files/In-session-phishing-advisory-2.pdf)