Danish security firm Secunia has issued warnings about a vulnerability in most Web browsers that could open the door to hackers hijacking pop-up windows on trusted Web sites to launch phishing attacks.
The vulnerability can be exploited regardless of which Web site is the true “owner” of the pop-up window, according to Secunia. The fraudulent tactic attempts to trick consumers into providing personal and/or financial information.
Secunia reported that the vulnerability affects almost all browsers, including Internet Explorer, Mozilla, Firefox, Opera, Konqueror, Safari and Netscape. The company said it alerted the browsers’ suppliers to the vulnerability months ago.
Ken Dunham, the director of malicious code research at iDefense, a Reston, Virginia-based threat-intelligence firm, told the E-Commerce Times that hackers are getting more sophisticated and more difficult to catch.
“The reality is that for every attack that we do know about, there are others we don’t,” Dunham said. “We really don’t have a clear picture as a public yet of the sheer nature of the threats that are out there.”
What we do know is that it often starts in the e-mail box, according to MailFrontier Research. The e-mail security and anti-phishing software provider forecasts that more than 750 million phishing e-mails spoofing e-commerce sites will be sent during the holiday shopping season.
The firm has found that 20 percent of all phishing attacks target e-commerce sites. This is bad for e-commerce business, said Anne Bonaparte, president and CEO of MailFrontier.
“We’re continuing to see a significant impact on consumer behavior due to the rising threat of e-mail phishing scams,” Bonaparte said.
“From its impact on consumer loyalty within the financial industry to potentially restraining online shopping this holiday season, the threat of e-mail phishing attacks is deterring ‘business as usual’,” she said.
Indeed, MailFrontier Research surveys have found that 29 percent of consumers said they would avoid shopping online this holiday season due to the rise of e-mail phishing scams.