Online Banking Session Phishing Attack via Phony Popup Messages
Online banking users should be aware of a new variation of phishing attacks. This new variation of phishing attack, called "in-session phishing," targets online banking sessions through a popup window posing as a legitimate message from the bank.
Because this is a browser-based attack, the best way to defend against it is for customers to be aware of it. A few best practices in browser security include the following:
1. Users should be suspicious of unprompted popup windows that appear without clicking on a hyperlink. When logging in to Online Banking, enter your Access ID, then press "Submit." A new window will appear in which you will be prompted either to answer one of your security questions or to enter your password. Nowhere past this stage should you encounter any popup windows. If you do, please contact First Hope Bank immediately.
2. Deploy browser security tools and set security settings to disallow certain popups and scripts from running.
3. Users should always log out of online banking and other sensitive websites and accounts before navigating elsewhere online so sessions do not remain active.
For more information on maintaining your online security, please visit our "Protecting Yourself" page of online security tips.