A bug found in all major browsers allows phishers to bypass spam e-mail filters and employ a new attack called in-session phishing to steal online banking credentials and personal data. Here's how users can avoid becoming victims.
Businesses that allow clients to log into online accounts run the risk of falling prey to a new kind of phishing attack which exploits a vulnerability found in all major browsers to enable hackers to bypass spam filters.
In traditional phishing attacks, scammers send out millions of bogus e-mail messages disguised as letters from legitimate companies such as banks, online payment firms and other financial organizations. A large number of these messages are blocked by spam filtering software. However, with in-session phishing, the e-mail message is replaced by a pop-up browser window, which evades filters designed to block spam e-mails, according to security vendor Trusteer Ltd. of Tel Aviv.
In this type of attack, scammers are most likely to hack a legitimate Website and plant HTML code that looks like a pop-up security alert window. When a customer logs onto the site, the pop-up appears on the customer's computer screen. The pop-up then asks the victim to enter his or her password, login information and possibly answer other security questions used by banks and other...





