Phishing attack possible with a delayed JavaScript prompt

2005-01-05T00:00:00
ID OPERA:781
Type opera
Reporter Opera
Modified 2005-01-05T00:00:00

Description

A malicious page can be crafted to send the user to his banking site, and shortly afterwards display a dialog enticing the user to type in his bank login credentials.

The dialog will appear in front of the banking page, while the window it really belongs to will be hidden. If the timing and context are right, the message displayed in the dialog may be able to deceive the user.

For example, the user goes to his banking site from a Web page that happened to have a link to that bank. If he got the link to that page through e-mail, it could easily have come from a scammer.