In-session phishing

In-session phishing is a form of potential phishing attack which relies on one web browsing session being able to detect the presence of another session (such as a visit to an online banking website) on the same web browser, and to then launch a pop-up window that pretends to have been opened from the targeted session.[1] This pop-up window, which the user now believes to be part of the targeted session, is then used to steal user data in the same way as with other phishing attacks.[2]

The advantage of in-session phishing to the attacker is that it does not need the targeted website to be compromised in any way, relying instead on a combination of data leakage within the web browser, the capacity of web browsers to run active content, the ability of modern web browsers to support more than one session at a time, and social engineering of the user.[3]

The technique, which exploited a vulnerability in the JavaScript handling of major browsers, was found by Amit Klein, CTO of security vendor Trusteer, Ltd.[4][5] Subsequent security updates to browsers may have made the technique impossible.

References

  1. Cert-IST. "Publication content". Cert-IST (in French). Archived from the original on 2024-07-18. Retrieved 2024-07-18.
  2. Hruska, Joel (2009-01-13). "New in-session phishing attack could fool experienced users". Ars Technica. Retrieved 2024-04-16.
  3. Arellano, Nestor; McMillan, Robert (6 February 2009). "In-session phishing a new threat to online businesses". Network World Canada. 25 (3). ProQuest 198831313.
  4. Kaplan, Dan (14 January 2009). "New phishing ploy exploits secure sessions to hijack data". iTnews.
  5. "Archived copy" (PDF). Archived from the original (PDF) on 2009-01-22. Retrieved 2009-01-20.