Webmail and Online Banks Targeted By Phishing Proxies

An anonymous reader writes "Netcraft confirms a recent increase in the number of malicious proxy auto-config (PAC) scripts being used to sneakily route webmail and online banking traffic through rogue proxy servers. The scripts are designed to only proxy traffic destined for certain websites, while all other traffic is allowed to go direct. If the proxy can force the user to keep using HTTP instead of HTTPS, the fraudsters running these attacks can steal usernames, passwords, session cookies and other sensitive information from online banking sessions."