Browser bug could allow phishing without e-mail

From InfoWorld: A bug found in all major browsers could make it easier for criminals to steal online banking credentials using a new type of attack called "in-session phishing," according to researchers at security vendor Trusteer.

In-session phishing (pdf) gives the bad guys a solution to the biggest problem facing phishers these days: how to reach new victims. In a traditional phishing attack, the scammers send out millions of phoney e-mail messages disguised to look like they come from legitimate companies, such as banks or online payment companies.

Those messages are often blocked by spam-filtering software, but with in-session phishing, the e-mail message is taken out of the equation, replaced by a pop-up browser window.

View: Article @ Source Site