
Online Fraud



Phishing Attacks Via Phoney Popup Messages

Phishing via pop-up messages is by far one of the easiest ways to steal login credentials for secure online accounts. Various types of phishing allow fraudsters to copy the login page of any bank and set up a fraudulent website, then create malicious email messages and send them to customers with links that lead to these fraudulent websites.

There is a new variation of phishing attacks called 'in-session phishing,' which targets online banking sessions through a popup window posing as a legitimate message from the Bank.

A typical scenario would be as follows:

  • A user logs into their online banking account.
  • They might leave the browser open and navigate in another window to other websites.
  • A short time later a popup appears, allegedly from the bank, asking the user to retype their username and password because the session has expired, or to complete a satisfaction survey.
  • Since the user had already logged into the website, they don't suspect this popup is fraudulent and provide the requested details.

Defend Yourself From Phishing Popup Messages:

Since this is a browser-based attack, the best way to defend against it is to stay aware and practice browser security, including:

  • You should be suspicious of unprompted popup windows that appear without you clicking on a hyperlink.
  • Deploy browser security tools and set security settings to disallow popups and certain scripts from running.
  • You should always log out of online banking and other sensitive online applications and accounts before going to other websites, so that the sessions do not remain active.

Please note that Mechanics Bank will not solicit via any type of Popup messaging.