Web Security Alert: Serious Bug Makes All Browsers Vulnerable to Phishing Attack

Some of you already know that Phishing is basically an attack to a legitimate website where HTML code is planted to steal user information.

A recent attack against major web browsers involves using a popup security alert window that asks a computer user to enter their username and password or even other security questions. This may be difficult task on the part of the hackers who created the bug to perform this task in that you have to trick people into believing the popup is legitimate.

This would not be so scary if the phishing filters picked up this type of threat but what if the phishing protection on most popular web browsers were not adequate enough to detect this threat. Well, the time is here. Many popular web browsers have become vulnerable to a new phishing bug attack.

This new bug opens up all browsers to a type of phishing attack called "in-session phishing". Researchers at Trusteer have identified this type of phishing and are now alerting computer users of the dangers. Older traditional phishing attacks usually involved sending out spam messages that looked like legitimate banking messages where they linked users a the specific phishing web page. These type of messages or sites were mostly blocked by phishing filters.

The newer bug or phishing attack uses an in-session method by means of java script. Scripts may be run during your visit to a normal site if the right code was put in place by hackers. Because this threat is fairly new many web browsers do not have the ability to detect or block it. Patches may be released in the near future to block this type of attack.

Tips: It is important to keep your all of your software, including your web browser application, up to date at all times. It does not hurt to check the vendor of your web browser to check for an update manually at times. Remember, being proactive is the best way to stay a step ahead of these hackers and protect yourself from unnecessary attacks that can lead to lost of personal information or theft of your identity.