XSS, or Cross Site Scripting, while not a new threat, is becoming increasingly common. Further, it is being leveraged more and more to perform phishing attacks. Since financial institutions are the target in the vast majority of phishing attacks, these businesses must take steps now to ensure the safety of their clients.
What Is XSS?
Though the acronym may be similar to RSS (Really Simple Syndication), XSS (Cross Site Scripting) is nothing like it, and is actually one of the more problematic security threats facing enterprises with a Web presence. In an XSS attack, hackers maliciously insert code into an improperly configured Web page. Thereafter, anyone who visits the Web page is susceptible to whatever actions that code can perform. Depending on the nature of the XSS attack (three types are known to exist), the user's session can be hijacked, sensitive information about the user (such as login credentials) can be captured, or the user's device can be infected with malware.
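The insertion described above, shown from the defender's side as an added example that is not part of the original article: a page that writes stored visitor comments into its HTML as-is, next to the same page with output encoding, plus a check that flags markup the template did not produce. The function names and the sample comments are constructed for illustration.

```javascript
// Added example: hypothetical function names, constructed sample data.
// Comments submitted by visitors and stored by the site.
const storedComments = [
  { author: "alice", text: "Great rates on the new savings account!" },
  { author: "mallory", text: '<script>document.title="injected"</script>' },
  { author: 'bob" onmouseover="x', text: "5 < 10 && 10 > 5" },
];

// HTML-encode the five characters that can change markup structure.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: stored text is concatenated into the page unchanged, so markup
// inside a comment becomes part of the document served to every visitor.
function renderUnsafe(comments) {
  return comments
    .map((c) => `<li title="${c.author}">${c.text}</li>`)
    .join("\n");
}

// Hardened: every untrusted value is encoded at output time, so the browser
// displays it as text instead of parsing it as markup.
function renderSafe(comments) {
  return comments
    .map((c) => `<li title="${escapeHtml(c.author)}">${escapeHtml(c.text)}</li>`)
    .join("\n");
}

// Regression check: the template itself emits only <li title="..."> and </li>,
// so any other tag or attribute in the output came from stored data.
function unexpectedMarkup(html) {
  const tags = html.match(/<\/?[a-zA-Z][^>]*>/g) || [];
  return tags.filter((t) => !/^<li title="[^"]*">$|^<\/li>$/.test(t));
}

console.log("unsafe:", unexpectedMarkup(renderUnsafe(storedComments)));
console.log("safe:  ", unexpectedMarkup(renderSafe(storedComments)));
```

Run against the unsafe renderer, the check reports the injected script element and the extra event-handler attribute; against the encoded output it reports nothing, and ordinary text such as "5 < 10" still displays correctly.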