The other day, while on my computer, I logged into my banking account to monitor transactions. All of a sudden, a “pop-up” appeared which looked like it came from my banking institution, and it was prompting me to re-enter my user-name and password before my banking session would time out. That’s when I thought to myself: legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens. I quickly clicked out of the pop-up and sent an email to my banking institution to notify them.
Fraudsters have yet again discovered a sophisticated method of phishing that targets users while they are banking online by sending phony pop-up messages. The so-called “in-session phishing” attack prompts the victim to retype his/her user-name and password for the banking site on the pretext that the session is about to expire. If the victim falls for it, the pop-up then asks whether he/she would like to fill out a survey once the session is done, which is a way for the fraudster to lure the victim into providing personal information. At this point, the fraudster has the victim’s user-name/password and enough personal information to commit identity theft against the person.
Here are some tips to keep in mind to protect yourself from an in-session phishing attack:
1. Deploy browser security tools
2. Log out of banking and other sensitive online apps and accounts before going to other Websites
3. Be suspicious of any pop-ups during a Web session if you haven’t clicked on a hyperlink
4. Install pop-up blocking software to help prevent this type of phishing attack
5. Never enter your personal information in a pop-up screen
Always keep these tips in mind so you don’t end up surprised by a pop-up scam.