IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Next-generation phishing attacks online banking

E-mail phishing is so last year – now criminals are using craftier attacks, including phishing online banking sessions through your browser.

An advanced new phishing attack tricks users into giving away confidential information after they have logged on to an online banking website.

Most computer users are familiar with email phishing, where they are sent emails with links to fraudulent websites. This new "in-session phishing" attack differs because it creates pop-ups while you're in session with your real online banking account, asking for details such as passwords and account numbers.

Attackers compromise the website, inserting code to create the pop-up. Since the user had just recently logged onto the banking website, they may not suspect that the pop-up is fraudulent.

"We have been investigating new phishing methods with a specific focus on what we call 'in-session' attacks, which are more likely to succeed since they occur after a user has logged into a banking or other secure website," said Trusteer chief technology officer Amit Klein in a statement.

Klein said that his company's research found that all the leading browsers, based on their design, are vulnerable to this technique. He added: "We have already notified the vendors and our customers, and now are alerting the public to practice safe web browsing techniques especially when accessing financial applications."

To succeed, the base website must be compromised for the attack to be launched, and the malware must be able to identify which website the user is currently logged in to. Considering the ease with which malware compromised legitimate computers last year, the first step can clearly be easily achieved.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Education and government most at risk from email threats
phishing

Education and government most at risk from email threats

26 Nov 2021
Attackers use CSS to fool anti-phishing systems
phishing

Attackers use CSS to fool anti-phishing systems

11 Nov 2021

Most Popular

Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022