Global Security Watch > Pop-up phishing risk points to web fraud evolution - TechChuck

[Tech stories - TechChuck] In-session phishing, like drive-by download attacks, first relies on planting malicious code on targeted web sites. But instead of redirecting surfers to maliciously constructed websites under the control of hackers, where browser vulnerabilities might be used to load malware on poorly secured Windows PCs, the hostile code is used to generate rogue pop-up browser windows.

Some related posts from Technorati and Google.

[bMighty Blog] Popup Phishing: Online Banking In-Session Phish Need No E-Mail ...: If the user is visiting one of those sites while engaged in a secure transaction, the in-session phish generator takes advantage of a JavaScript function (unspecified by Trusteer) and fashions a popup based on browser information about the institution the user is working with and sends it forth. According to Trusteer, the vulnerability .

[DarkReading - All Stories] New Phishing Attack Targets Online Banking Sessions With Phony ...: log out of banking and other sensitive online apps and accounts before going to other Websites; and be suspicious of any popups during a Web session if you haven't clicked on a hyperlink.

[Latest articles from SC Magazine US Patch Management] New phishing ploy exploits secure sessions to hijack data - SC ...: All criminals need to do is compromise a legitimate website with malicious JavaScript and wait for people to surf there, said Trusteer CTO Amit Klein. When users visit that site, the malcode will leverage a vulnerability in the way a certain function is implemented in popular browsers, he told SC MagazineUS.com on Monday.

[Web Talk] How to protect your Gmail from phishers and pestware | Web Talk: Google has become a powerhouse How to protect your Gmail from phishers and pestware - webtlk.com 01/15/2009 After a happy life, Gmail users are experiencing a lot of nasty surprises. [...]

[Darknet - The Darkside] Fake CNN Site From Phishing E-mail Serves Trojan | Darknet - The ...: A new e-mail that is circulating looks like it comes from CNN and links to a fake CNN Web page offering “graphic” video related to the Israel-Hamas conflict but instead hosts a Trojan that steals sensitive data, RSA said on Thursday.

[Security Response Weblog] How Phishes Reach the Basket - Online Fraud - STN Peer-to-Peer ...: The evolution of the delivery methods is strictly related to the continued development of Web technologies. The first samples of phishing attacks we came in touch with years ago were entirely composed of static HTML-only pages.

[Anti spam and general email security in a business environment] In-session phishing holds new potential for attack: It works by attacking a legitimate web site and implanting code on it that generates an illegitimate pop-up when visitors go to the legitimate site. Using a JavaScript function, the attacker can determine whether or not users are logged into one of several banking web sites, and then if they are logged in, then the illegitimate pop-up would appear.

[Identity Theft Blog from www.insideIDtheft.info] Identity Theft Blog from www.insideIDtheft.info » Blog Archive ...: In-session phishing gives the bad guys a solution to the biggest problem facing phishers these days: how to reach new victims. In a traditional phishing attack, the scammers send out millions of phony e-mail messages disguised to look like they come from legitimate companies, such as banks or online payment companies.

[SpywareRemove Blog] New Phishing Attacks: Fake CNN Email About Israel-Hamas Conflict ...: Security researchers are currently warning online users of this serious threat as they suspect thousands of these fake CNN News phishing emails have been sent out. Below are images from Trendmicro of the fake CNN News email messages and the phishing website.

[Speaking of Security, the RSA Blog and Podcast] Speaking of Security... | Blog Entry: RSA FraudAction Research Lab ...: The first is “in-page HTML modifications”, designed to seamlessly merge within a bank’s web pages, requesting that the user provide additional information such as their social security number, mother's maiden name or ATM PIN code. The second type of HTML injection is a complete web page that is inserted locally into the user’s browser on the infected PC, once again requesting extra information from the user.

[InfoMods.com - Actualités rss du web] Twitter phishing scam may be spreading | Webware - CNET: Update 2: The effect of getting taken in by this scam seems to be that affected accounts send messages to their followers with the original phishing message. To date, no other effect of falling victim to the scam has been reported.
