New Phishing Technique Discovered. Learn How It Works…
It’s a new year and — what do you know — there’s a new tactic in the endless quest for new and improved phishing schemes from scammers.
Here’s How It Works
Researchers at Trusteer recently released a security advisory detailing this new phishing technique. Rather than using email to lure unsuspecting victims into clicking over to a fake web site, this technique uses what Trusteer is calling “in-session” attacks. Here’s a typical scenario:
- A user opens a browser and logs into their banking web site
- Leaving that browser session open, they open another browser window to check on their Webkinz or some other web pursuit.
- After a time, a pop-up window opens — supposedly from their bank web site — asking for them to re-enter their username and password.
- Since the user has recently logged in to the targeted web site, they are more likely to enter their info.
That’s it! Their login credentials are now in the hands of the scammers.
What Makes It Possible?
How Can You Protect Yourself?
Until then, Trusteer recommends the following preventative measures:
- Have an up-to-date anti-virus installed
- Be suspicious of any pop-ups asking you to login
and most of all…
- Log out of banking or other sensitive sites before heading over to Pogo.com for your bingo fix.
Learn more about this attack by downloading Trusteer’s security advisory.