A new kind of phishing attack is starting to rear its head in an attempt to get sensitive information from unsuspecting users, and it goes back to a warning I have been giving for years: do not leave a sensitive page (your bank, PayPal, etc.) open while you browse elsewhere.

The attack works like this. The attacker compromises a vulnerable website and injects JavaScript into its pages. When you visit the now-infected site while you still have a window open to your bank, the injected script brings up a popup telling you that your session has timed out and you need to log in again. That popup comes from the compromised site, not from your bank, and whatever you type into it goes to the attacker. So make sure you log out of sensitive sites before browsing anywhere else.

If you run a website, make sure it is secure and check its code for any changes. That is what happened to this site and some others I am hosting. It wasn't an attempt to capture your information, but we were hit by the yahoo counter script. The first thing we noticed was that our RSS feeds were broken. A search of the page source then turned up the yahoo counter code at the bottom of the page, just before the closing body tag. I do not know the exact code this one places into websites, but I will attempt to find it. As a responsible website owner I feel I should stay on top of the situation, and I have moved my sites to a more secure server.
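As an added example (not code from the original post, and not Trusteer's), here is a small Python check a site owner could run to catch exactly what happened here: a script tag dropped in at the end of each page before the closing body tag, plus a baseline hash per page so any later change stands out. The HTML pages in it are constructed for the example, the counter.example.invalid host is a hypothetical stand-in rather than the real injected code, and the allow-list is an assumed list of the owner's own script URLs.

```python
import hashlib
import re

# Regexes for the pieces we care about. Good enough for static HTML; a page built by
# a CMS should be scanned as the server actually serves it, not from the templates.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.IGNORECASE | re.DOTALL)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)
TAIL_TAGS_RE = re.compile(r"</body\s*>|</html\s*>", re.IGNORECASE)


def describe_script(tag: str) -> str:
    """Summarise a <script>...</script> element as its src URL, or 'inline:' plus its code."""
    src = SRC_RE.search(tag)
    if src:
        return src.group(1)
    body = re.sub(r"^<script\b[^>]*>|</script\s*>$", "", tag, flags=re.IGNORECASE | re.DOTALL)
    return "inline:" + body.strip()[:60]


def trailing_scripts(html: str) -> list:
    """Return the scripts that sit at the very end of the document, with nothing but
    whitespace, </body> and </html> after them. That is where this injection landed,
    and it is where most mass-injection campaigns put their code."""
    found = []
    cursor = len(html)
    for match in reversed(list(SCRIPT_RE.finditer(html))):
        gap = TAIL_TAGS_RE.sub("", html[match.end():cursor]).strip()
        if gap:
            break  # real page content between this script and the end: stop here
        found.append(describe_script(match.group(0)))
        cursor = match.start()
    found.reverse()
    return found


def unexpected_trailing_scripts(html: str, allowed: set) -> list:
    """Trailing scripts not on the owner's allow-list. Legitimate analytics tags also
    live at the bottom of the page, so the allow-list is what separates them."""
    return [s for s in trailing_scripts(html) if s not in allowed]


def build_manifest(pages: dict) -> dict:
    """path -> SHA-256 of the page content. Record this while the site is known clean."""
    return {path: hashlib.sha256(content.encode("utf-8")).hexdigest()
            for path, content in pages.items()}


def changed_pages(baseline: dict, current: dict) -> dict:
    """Compare a fresh manifest with the baseline: path -> 'modified' | 'new' | 'missing'."""
    report = {}
    for path in sorted(set(baseline) | set(current)):
        if path not in current:
            report[path] = "missing"
        elif path not in baseline:
            report[path] = "new"
        elif baseline[path] != current[path]:
            report[path] = "modified"
    return report


# Constructed sample pages for the example.
CLEAN_PAGE = """<html><head><title>Home</title>
<script src="/js/site.js"></script></head>
<body><h1>Welcome</h1><p>Latest posts...</p>
</body></html>
"""

# The same page with a script injected just before </body>, as described in the post.
# The host name is a hypothetical stand-in, not the real injected code.
INFECTED_PAGE = CLEAN_PAGE.replace(
    "</body>", '<script src="http://counter.example.invalid/c.js"></script>\n</body>')

# A variant with inline code dropped after </body>, another common injection spot.
INFECTED_AFTER_BODY = CLEAN_PAGE.replace("</html>", "<script>var x=1;</script></html>")

if __name__ == "__main__":
    baseline = build_manifest({"index.html": CLEAN_PAGE})
    print("changes:", changed_pages(baseline, build_manifest({"index.html": INFECTED_PAGE})))
    print("trailing scripts:", trailing_scripts(INFECTED_PAGE))
    print("after </body>:", trailing_scripts(INFECTED_AFTER_BODY))
```

Run it from a cron job over the files the web server actually serves and compare against a manifest stored off the web host; a manifest kept on the same box can be rewritten by whoever injected the script in the first place. The trailing-script check is the quick triage for this campaign's pattern; the hash comparison is what catches an injection placed anywhere else.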

Here is how Trusteer.com explains these attacks:

“An in-session phishing attack occurs while the victim is logged onto an online banking application and therefore is much more likely to succeed. A typical attack scenario would occur as follows. A user logs onto their online banking application to perform some tasks. Leaving this browser window open, the user then navigates to other websites. A short time later a popup appears, allegedly from the banking website, which asks the user to retype their username and password because the session has expired, or complete a customer satisfaction survey, or participate in a promotion, etc. Since the user had recently logged onto the banking website, he/she will likely not suspect this popup is fraudulent and thus provide the requested details.”

To protect themselves from in-session phishing attacks, Trusteer recommends that users:
1. Deploy web browser security tools
2. Always log out of banking and other sensitive online applications and accounts before navigating to other websites
3. Be extremely suspicious of pop-ups that appear in a web session if you have not clicked a hyperlink
