Beware of Phony Pop-Up Messages! (1/21/09*)
UPDATED 3/20/09
Be sure your online security and virus protection is up to date and scan your system for malware. Reports continue about phony pop-up messages that occur during online banking sesions.
Some web browsers have a weakness that allow "in-session phishing" attacks to take place. These prompt a pop-up window asking fpr account information such as log in credentials or security questions/answers. If you see a pop-up message while logged in to Online Banking, it is NOT from Amplify - do not enter any information. We do not and will never use pop up messages.
If you have given out account information via one of these pop ups, call us at 836-5901 and get a new member number. We also recommend that you monitor your credit report for evidence of ID Fraud.
More information can be found at:
http://en.wikipedia.org/wiki/In-session_phishing
http://www.darkreading.com
*According to researchers at Trusteer, fraudsters are using a sophisticated new method of phishing that targets users while they are banking online - sending phony popup messages pretending to be from their financial institution.
The security firm said that their research team has not spotted full-blown attacks like this in the wild as yet, but they have seen precursors to it. The malware exploits weaknesses in the browser that lets the attacker "see" the banking site URL where the victim is logged in, and then the phisher automatically generates a popup.
Dubbed "in-session phishing" attacks, the victim is prompted to retype their username and password for the banking site because the online banking session "has expired," or is asking for the completion of a satisfaction survey or to fill out a special promotion via a popup.
Trusteer offered a few tips for users to protect themselves from an in-session phishing attack: deploy browser security tools; log out of banking and other sensitive online apps and accounts before going to other Websites; and be suspicious of any popups during a Web session if you haven't clicked on a hyperlink.