Next-generation phishing attacks online banking

E-mail phishing is so last year – now criminals are using craftier attacks, including phishing online banking sessions through your browser.

An advanced new phishing attack tricks users into giving away confidential information after they have logged on to an online banking website.

Most computer users are familiar with email phishing, where they are sent emails with links to fraudulent websites. This new "in-session phishing" attack differs because it creates pop-ups while you're in session with your real online banking account, asking for details such as passwords and account numbers.

Attackers compromise the website, inserting code to create the pop-up. Since the user had just recently logged onto the banking website, they may not suspect that the pop-up is fraudulent.

"We have been investigating new phishing methods with a specific focus on what we call 'in-session' attacks, which are more likely to succeed since they occur after a user has logged into a banking or other secure website," said Trusteer chief technology officer Amit Klein in a statement.

Klein said that his company's research found that all the leading browsers, based on their design, are vulnerable to this technique. He added: "We have already notified the vendors and our customers, and now are alerting the public to practice safe web browsing techniques especially when accessing financial applications."

To succeed, the base website must be compromised for the attack to be launched, and the malware must be able to identify which website the user is currently logged in to. Considering the ease with which malware compromised legitimate computers last year, the first step can clearly be easily achieved.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

X-rated phishing attacks just keep growing
phishing

X-rated phishing attacks just keep growing

4 Jun 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Windows 11 has problems with Oracle VirtualBox
Microsoft Windows

Windows 11 has problems with Oracle VirtualBox

5 Oct 2021