New Phishing Technique Discovered. Learn How It Works...

It's a new year and — what do you know — there's a new tactic in the endless quest for new and improved phishing schemes from scammers.
Here's How It Works
Researchers at Trusteer recently released a security advisory detailing this new phishing technique. Rather than using email to lure unsuspecting victims into clicking over to a fake web site, this technique, which Trusteer calls an "in-session" attack, is triggered while the victim is already logged in somewhere. Here's a typical scenario:
- A user opens a browser and logs into their banking web site.
- Leaving that browser session open, they open another browser window to check on their Webkinz or some other web pursuit.
- After a time, a pop-up window opens, supposedly from their bank web site, asking them to re-enter their username and password.
- Since the user logged in to the targeted web site only minutes ago, and that session is still open in the other window, the request looks plausible and they are more likely to enter their info.
That's it! Their login credentials are now in the hands of the scammers.
What Makes It Possible?
A few things have to be in place for this to work. First, the scammers need a compromised, legitimate web site on which to plant their code: a malicious script that runs in the browser of anyone who visits that site, so nothing has to be installed on the victim's own computer. Unfortunately, there are lots of compromised sites around. Second, that script has to be able to determine which other sites the user is currently logged in to, even though a page from one site is not supposed to be able to see what is happening in another site's window. Trusteer attributes this to a vulnerability in the JavaScript engines used by Internet Explorer, Firefox, Safari, and Chrome.
From Trusteer:
The source of the vulnerability is a specific JavaScript function. When this function is called it leaves a temporary footprint on the computer and any other website can identify this footprint. Websites that use this function in a certain way are traceable. Many websites, including financial institutions, online retailers, social networking websites, gaming, and gambling websites use this function and can be traced.
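Trusteer did not disclose which JavaScript function leaves the footprint, so the following is an added example, not code from the post or from Trusteer's advisory, that demonstrates the same class of problem using a different, well-known leak as a stand-in: a page on one site loads an authenticated-only resource (say, an avatar image) from the bank's site and watches only whether the load succeeds or fails, the way `<img onload/onerror>` reports it. No response content is read, yet the outcome reveals whether the visitor has a live bank session. The "browser", the two origins and the cookie names are a small constructed model, not a real browser, and the `SameSite` cookie attribute used in the hardened case is a browser feature added years after this post:

```javascript
// Constructed model of a cross-site login-state oracle (the signal an
// "in-session" phishing page needs) and two ways to close it.
const BANK = 'https://bank.example';            // assumed origin
const ATTACKER = 'https://compromised.example'; // assumed origin hosting the injected script

// A minimal cookie jar keyed by origin; each cookie records its SameSite value.
class Browser {
  constructor() { this.jar = new Map(); }
  setCookie(origin, name, value, sameSite = 'None') {
    if (!this.jar.has(origin)) this.jar.set(origin, new Map());
    this.jar.get(origin).set(name, { value, sameSite });
  }
  // Cookies attached to a request for `target` made by a page on `from`.
  // Lax/Strict cookies are not sent on cross-site subresource loads.
  cookiesFor(target, from) {
    const sent = {};
    for (const [name, c] of this.jar.get(target) || []) {
      if (target !== from && c.sameSite !== 'None') continue;
      sent[name] = c.value;
    }
    return sent;
  }
  // Subresource load: the caller learns only success or failure,
  // exactly like an <img> element's onload / onerror events.
  load(from, target, path, sites) {
    const res = sites[target].handle(path, this.cookiesFor(target, from));
    return res.status === 200;
  }
}

// Weak bank: the avatar endpoint answers 401 to anyone without a session,
// so "did it load?" is equivalent to "is this visitor logged in?".
function weakBank(sessions) {
  return { handle(path, cookies) {
    if (path !== '/account/avatar.png') return { status: 404 };
    return sessions.has(cookies.sid) ? { status: 200 } : { status: 401 };
  } };
}

// Hardened bank: anonymous requests get the same 200 (a placeholder image),
// so the load/error outcome carries no information about the session.
function hardenedBank(sessions) {
  return { handle(path, cookies) {
    if (path !== '/account/avatar.png') return { status: 404 };
    return { status: 200 };
  } };
}

// The probe the injected script would run before deciding to show a fake
// "please log in again" pop-up.
function probeLoggedIn(browser, sites) {
  return browser.load(ATTACKER, BANK, '/account/avatar.png', sites);
}

// One run: a visitor who is (or is not) logged in to `bank`, whose session
// cookie was set with the given SameSite attribute.
function scenario({ loggedIn, bank, sameSite }) {
  const sessions = new Set(['s3cr3t']);
  const browser = new Browser();
  if (loggedIn) browser.setCookie(BANK, 'sid', 's3cr3t', sameSite);
  return probeLoggedIn(browser, { [BANK]: bank(sessions) });
}

// The oracle "works" only if the probe distinguishes the two states.
function oracleLeaks(bank, sameSite) {
  return scenario({ loggedIn: true, bank, sameSite }) !==
         scenario({ loggedIn: false, bank, sameSite });
}

console.log('weak bank, SameSite=None  leaks:', oracleLeaks(weakBank, 'None'));     // true
console.log('weak bank, SameSite=Lax   leaks:', oracleLeaks(weakBank, 'Lax'));      // false
console.log('hardened bank, any cookie leaks:', oracleLeaks(hardenedBank, 'None')); // false
```

The point for site operators is that the attacker never needs to read the bank's page or cookie; any cross-origin request whose success depends on the session is a login oracle, so authenticated-only resources should behave identically to anonymous callers, or the session cookie should not travel on cross-site requests at all. The point for users is the one Trusteer makes: the pop-up only appears because the script already knows you have a session open.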
How Can You Protect Yourself?
Well, the planets have to align a bit to pull this scam off, and the JavaScript vulnerability will hopefully be patched in the near future.
Until then, Trusteer recommends the following preventative measures:
- Have an up-to-date anti-virus installed.
- Be suspicious of any pop-ups asking you to log in. If your bank really needs you to sign in again, close the pop-up, go back to the bank's own window (or type the bank's address yourself), and log in there.
- Log out of banking or other sensitive sites before heading over to Pogo.com for your bingo fix. A logged-out session gives the script nothing to detect.
and most of all...
Learn more about this attack by downloading Trusteer's security advisory.
3 Comments
liz
I've been really worried about buying things online lately with all this identity theft going around. I've been trying to educate myself on the different ways people steal others' identities. This website has been VERY helpful for people out there like me who just want to educate themselves on the subject. I found the following website helpful as well:
http://www.e-personalfinance.com/article/How-to-Minimize-the-Risk-of-Identity-Theft.html
Hope this helps!!
Anonymous
~Kubic I love Press Release Writing
Nice reading.
Anonymous
I am getting hot at all of the phishing going on over my way. I have phishing lines from all over the world dangling everywhere I turn. My e-mail is completely full of nothing but phishing emails, from lotteries to suspicious too-good-to-be-true offers. How do I get them to stop? I feel like Mr. Limpet. This is getting ridiculous. Will someone assist or offer a suggestion for me?