Full Text

Businesses that allow clients to log into online accounts run the risk of falling prey to a new kind of phishing attack which exploits a vulnerability found in all major browsers to enable hackers to bypass spam filters.

In traditional phishing attacks, scammers send out millions of bogus e-mail messages disguised as letters from legitimate companies such as banks, online payment firms and other financial organizations. A large number of these messages are blocked by spam filtering software. However, with in-session phishing, the e-mail message is replaced by a pop-browser window which evades filters designed to block spam e-mails, according to security vendor Trusteer Ltd. of Tel Aviv.

In this type of attack, scammers are most likely hack a legitimate Website and plant an HTML code that looks like a pop-up security alert window. When a customer logs onto the site, the pop-up appears on the customer's computer screen. The pop-up then asks for the victim to enter his or her password, login information and possibly answer other security questions used by banks and other...