Spam filtering software has gotten quite good at catching and eliminating many email-based phishing attacks. Traditionally, these emails disguise themselves so that they appear to be from a legitimate source, and trick the recipient into providing login details or account numbers.
But those bad guys that are engaged in the phishing business are always trying to stay one step ahead of the anti-phishing software, and like any good get-rich-quick schemer, will always have half a dozen new scams up their sleeves. The latest is called “in-session phishing”, which is an attempt to bypass the anti-spam software. This trick abandons the traditional email attack and replaces it with a pop-up window.