With all the news about twitter phishing on the rise, I probably would have ignored this headline, thinking I had it all covered, but my husband brought this news to my attention and I wanted to make sure you all knew about it, too. There is a new phishing attack method on the rise, called “in-session” phishing that I think could be VERY easy to fall for but can also be very easy to protect yourself against if you are informed. I’ll cut down the gist for you:

Suppose you are logged into your bank’s website and you open a tab to go somewhere else – anywhere else – well if this new tab is infected with the malicious phishing code, what will happen is a pop up window will open saying that your banking session has timed out and will ask you to enter your credentials to log back in – because somehow this virus can tell that you are logged into your bank and will try and trick you – a trick I probably would have fallen for if not for this information.

Now my bank typically will time out in the original window, bringing you to a new page altogether, but I have no idea what methods other banks use, and I wouldn’t have been very suspicious if they’d simply changed methods, but the ways to protect yourself is pretty obvious:

• Don’t log back in via the  pop-up window. Close that pop up and if necessary log back into your bank account manually from the original window.
• Another good piece of advice is to immediately log out of any secure sites once you’ve finished your tasks.
• And again avoid any un-prompted pop-up windows.

Okay, class is over. Read the article here from Ars Technica for more information and store this tid bit in the memory bank to ensure your identity is kept safe and sound.