Pop-up Phishing Vulnerability
27-Jun-2005
A JavaScript pop-up flaw in major browsers used as part of a phishing scam
Internet Explorer, Firefox, Safari, and several other web browsers all suffer from a vulnerability that enables a malicious JavaScript pop-up script to be used by cyber criminals to steal personal data.
The flaw, reported by the respected security firm Secunia, allows a phishing attack where a JavaScript pop-up window appears in front of a trusted website.
"The problem is that JavaScript dialogue boxes do not display or include their origin, which allows a new window to open - for example, a prompt dialogue box - which appears to be from a trusted website", Secunia said.
To exploit the flaw, a cyber criminal directs a web user from a malicious site or email to a legitimate, trusted site such as an online bank, in a new browser window. The malicious site would then open a JavaScript pop-up in front of the legitimate website, which may fool a user into sending personal information back to the malicious site.
The Mozilla Foundation development team have already been working on techniques to block such pop-ups. In a statement, Microsoft warned users not to trust pop-ups that do not display an address bar or a lock icon that verifies they came from a legitimate source. Only the latest version of Opera, 8.01, would reveal the pop-up's origin, letting users inspect its URL to see if it came from a trusted site.
Source: http://software.silicon.com/security/0,39024655,39131379,00.htm - Silicon.com
MillerSmiles News