Browser bug increases vulnerability to phishing

On the heels of the phishing attacks on Twitter and Digg, where all that immediately seemed to be at risk were logon credentials to the social sites, comes a potentially much more insidious problem.

Security vendor Trusteer has found a JavaScript bug in all major browsers that makes it easier for crooks to steal your login information while you're doing your online banking. It's called "in-session phishing," and what makes it more difficult to detect is that it happens while you're already logged into your banking site.

The crooks can hack legitimate websites so that they create a pop-up window asking you to verify your identity while your banking session is still open in another window. Trusteer found the JavaScript bug in the biggest browsers: Internet Explorer, Firefox, Safari and Chrome. A press release from Trusteer explained how it would work:

A user logs onto their online banking application to perform some tasks. Leaving this browser window open, the user then navigates to other websites. A short time later a popup appears, allegedly from the banking website, which asks the user to retype their username and password because the session has expired, or complete a customer satisfaction survey, or participate in a promotion, etc. Since the user had recently logged onto the banking website, he/she will likely not suspect this popup is fraudulent and thus provide the requested details.

Because the window comes up while you're already logged in, you're more likely to believe it's real. The criminals can determine whether you're logged on to one of 100 banks or other financial institutions via a JavaScript function, which Klein wouldn't discuss in more detail because he didn't want to give the bad guys any ideas they didn't have already.

The good news: Trusteer has notified the browser makers and expects them to patch the bug.

And the company also offered these tips, which are common sense, but good advice nonetheless:
1. Deploy web browser security tools.
2. Always log out of banking and other sensitive online applications and accounts before navigating to other websites.
3. Be extremely suspicious of pop-ups that appear in a web session if you have not clicked a hyperlink.