Researchers have discovered a sophisticated new method of phishing that targets users while they are banking online. The “in-session phishing” attack prompts the victim to retype his username and password for the banking site because the online banking session “has expired.”

The attack goes like this: The phisher injects malicious JavaScript into legitimate websites, so that an online banking customer who visits one of those sites while banking online is targeted. If the user falls for the popup lure and enters his banking credentials, the phisher then gets those credentials.

