New Online Trick Aims To Steal Your Identity

A new round of identity theft tricks are out in full force on the Internet. Even the pros are worried about this one because it brings deception to a new level.

It's called In Session Phishing. For those unaware, the term Phishing (Wikipedia) refers to tricks pulled on net consumers to offer up personal information for what is thought to be a legitimate request. For example, your bank sending you an email telling you you need to come up with a new password for your account.(See tips from FDIC on Safe Banking.)

Here's how the attack works: A user legitimately logs into his bank website, enters in passwords, and then does whatever he logged in to do. Once finished, he opens another browser tab (or browser window) and leaves the bank website open. Shortly thereafter, he encounters a website that has been injected with the malicious code in question. Once run, the malware creates a pop-up, supposedly from the bank or secure site that's still open in another tab or window. The "authentic" pop-up prompts the user to enter his login credentials again in order to resume the session. If consumers do this they are in for trouble.

The deception here is that consumers think they are on a Secure site- yet today's malware is able to create a sense of trust.

Some of these tricks ask you to fill out a form to go forward as your session has timed out. If you see this happen immediately exit out of the site you are on. Please warn seniors that are active on the internet. In fact you can sign them up to get HomeACTIONS for free!