Subscribe to ProtectMyID Blog via RSS

Rss Posts

Rss Comments

Welcome to the ProtectMyID Blog

Lessons and stories from the front lines of fighting identity theft.


Phony Pop Ups

Aug 02

The other day, while on my computer I logged into my banking account to monitor transactions. When all of a sudden, a “pop-up” appeared which looked like it came from my banking institution and it was prompting me to re-enter my user-name and password before my banking session would time out.  That’s when I thought to myself, legitimate companies, agencies and organizations don’t ask for personal information via pop-up screens.  I quickly clicked out of the pop-up and sent an email to my banking institution to notify them.

Fraudsters have yet again discovered a sophisticated method of phishing that targets users while they are banking online by sending phony pop-up messages.  The so-called “in-session phishing” attack prompts the victim to retype his/her user-name and password for the banking site because the session is about to expire.  If the victim falls for it, it will ask the victim if he/she would like to fill out a survey once the session is done which is a way for the fraudster to lure the victim into providing personal information.  At this point, the fraudster has the victim’s user-name/password and enough personal information to commit identity theft against the person.

Here are some tips to keep in mind to protect yourself from an in-session phishing attack:

1. Deploy browser security tools

2. Log out of banking and other sensitive online apps and accounts before going to other Websites

3. Be suspicious of any pop-ups during a Web session if you haven’t clicked on a hyperlink

4. Install pop-up blocking software to help prevent this type of phishing attack

5. Never enter your personal information in a pop-up screen

Always keep these tips in mind so you don’t end up becoming surprised with a pop-up scam.

Post a comment

Note: takes your privacy seriously. In order to post comments on this Blog Site you will be required to provide your name and email address for verification purposes only. This information will not be shared, sold or used for marketing purposes. Confidential, private or credit information should not be posted to this Blog Site at any time. Children under the age of 13 are not permitted to post comments to this Blog Site.