Phishing, a relatively recent data theft method, is becoming an increasing threat to Internet surfers. The biggest problem with it is that you don't know anymore which site to trust. Fake messages everywhere, bogus e-mails, forged sites and more, all of these are the weapons of phishers.

Now, Secunia announces yet another devious phishing scheme. Supposing you enter (by mistake, or not) a malicious site, and the site pops a link to a trusted site which you are kindly invited to click. Being a safe site you access it. So far, everything's OK. But wait, while you're browsing the trusted site, the sneaky phisher pops a JavaScript dialog box which appears in that site. The dialog box tells you to enter some personal data which you do, after all this is a trusted site and there's no harm done if I type in some confidential information. Well, here is where you're wrong because you have just been phished.

Secunia says that "The problem is that JavaScript dialog boxes do not display or include their origin, which allows a new window to open e.g. a prompt dialog box, which appears to be from a trusted site."

According to the security company, all popular browsers are affected by this problem: Internet Explorer, Safari, Firefox, Opera, Camino, iCab, Mozilla, no Internet surfing solution is safe from this flaw.
Secunia also provides a demonstration of this flaw, which can be accessed here.