New Phishing Attack Using Pop-Up Windows From Bank Sites

The latest threat to your security comes in the form of so-called "in-session phishing" attacks that present themselves as pop-up windows from legitimate Web sites (much like the screenshot above). Often, these pop-ups will occur while you're on a banking Web site and will tell you that your session has expired and prompt you to re-enter your username and password.
What makes these attacks particularly worrisome is that they don't require the installation of traditional malware. The pop-ups can be triggered by embedding a small piece of code in a legitimate Web site, but the code never actually gets loaded on a victim's computer, making it difficult if not impossible for traditional anti-malware defenses to detect the flaw.
Currently every major browser is susceptible to this hole, and since no code is required to be loaded on the victim's PC, no operating system is safe -- OS X and Linux are just as vulnerable as Windows to this attack. The best defense, as usual, is a little common sense. Don't trust any pop-up that asks you to enter credentials unless you know for sure that it is a legitimate window. Even better, don't trust any pop-up at all. Most legitimate Web sites ditched pop-ups long ago. [From: DarkReading]

Comments
Cheese, Jan 16th 2009 8:10PM
heehee on my firefox browser it just said "a pop up has been blocked"
Noah, Jan 17th 2009 12:13AM
Terrance...
Interesting read, but I'm still wondering one thing... if the code isn't on your computer, and it exists only on the site you're visiting (wachovia.com, wamu.com, etc) then who is installing the code? The webmaster of the bank? Sounds a little far-fetched to me. Correct me if I'm missing something.
This statement "the pop-ups can be triggered by embedding a small piece of code in a legitimate Web site" leads me only to conclude that the webmasters of the banks are the ones leading people to phishing sites. Like I said before... this doesn't sound correct.
Jarrod, Jan 17th 2009 10:02AM
"To unlock your account, please login to your account"
lol nice.