| Author | Thread |
|
|
01/14/2009 09:09:16 AM · #1 |
For those unfamiliar with the term, "phishing" is when a scammer tricks you into giving them your private information, usually by pretending to be a trusted source. Traditionally, the vector has been an e-mail pretending to be from your bank, Ebay, Paypal, or a similar entity.
This new approach relies on you having your bank or other secure site open in another tab within your browser. The malicious site then opens a pop up, pretending to be a dialog from the trusted site and asking for credentials in order keep the session open. Since you are already logged on to the trusted site, even a net savvy user could be fooled by this one.
In-session phishing doesn't appear to be a major threat. In order to function successfully, the malware requires that a user have simultaneous browser windows open to both a login/secure site and an infected site, and that the secure site is on the malware's pregenerated list of targets.
Here's the article with full details
Best defense may be to not have multiple browser tabs or windows open when you are logged into your bank or similar sites. |
|
|
|
01/14/2009 10:43:07 AM · #2 |
with IE7 at least. if you set up your browser security to 'trust' certain sites. for instance i have DPC set to trusted so IE7 doesn't block the popups for entering thumbnails and what not.
doing this causes IE7 to open a new window when you navigate to a site on your trusted list ( not in another tab ). if while on one of your trusted sites - you click a link to a non-trusted ( random link - whatever ) that page opens in a sperate window. not another tab.
Message edited by author 2009-01-14 10:43:40.
|
|
|
|
01/14/2009 01:21:14 PM · #3 |
Originally posted by soup:
for instance i have DPC set to trusted so IE7 doesn't block the popups for entering thumbnails and what not. |
I have DPC on my least trusted site list. Full of very shady characters I tell ya.
Thanks for the tip, 'spiff. I hadn't heard of that one. |
|
|
|
01/14/2009 01:26:42 PM · #4 |
Originally posted by Art Roflmao:
Originally posted by soup:
for instance i have DPC set to trusted so IE7 doesn't block the popups for entering thumbnails and what not. |
I have DPC on my least trusted site list. Full of very shady characters I tell ya.
Thanks for the tip, 'spiff. I hadn't heard of that one. |
I hear ya Art, theres a rumor of some crazy SOB running around burning peoples homes and sometimes entire villages down, all the while hes usually seen rolling on the ground laughing... sick, just sick. cant trust anyone :S |
|
|
|
01/14/2009 07:14:10 PM · #5 |
NP G - always looking to spread the G-word ;)
Originally posted by Art Roflmao:
I have DPC on my least trusted site list. Full of very shady characters I tell ya.
Thanks for the tip, 'spiff. I hadn't heard of that one. |
|
|
|
|
01/14/2009 08:12:34 PM · #6 |
| I was in IT for about 25 years (managing networks) but this pop-up phisher is news to me. EXCELLENT advice right there! |
|
|
|
01/14/2009 09:27:28 PM · #7 |
some gnuse is good news with garry gnu...
|
|
|
|
01/15/2009 08:47:04 PM · #8 |
Good info. Thank you.
On and off i do receive such emails pretending to be PayPal or bank.
First:
I check email address details, spelling mistake, hyperlink and etc.
Second:
Although all and all looks original, i will still contact my bank or PayPal to confirm relevant email by forwarding a copy to them.
This will ensure they will alert other users to be aware and more careful.
Cheers
|
|
Home -
Challenges -
Community -
League -
Photos -
Cameras -
Lenses -
Learn -
Help -
Terms of Use -
Privacy -
Top ^
DPChallenge, and website content and design, Copyright © 2001-2025 Challenging Technologies, LLC.
All digital photo copyrights belong to the photographers and may not be used without permission.
Current Server Time: 12/26/2025 12:59:14 PM EST.
