You’re checking your financial account online, moving money or paying bills, when suddenly a pop-up appears. It looks exactly like your bank’s page, complete with logo and branding, but asks for details you’ve already provided. Would you know what to do?

This is the kind of situation Kent recently faced. He emailed us saying, “Two times this week, I had a financial account open, and I was doing transactions. In the middle of a transaction, up pops a box in the middle of a full page showing the company’s logo. Real, yes, looked as real as it gets. The first time, I fell for it. It asked for my email address to confirm, then my phone number. Sadly, I did. Then I saw about four or five seconds of a screen named CREDIT DONKEY. At that point, I woke up and decided it was a scam. I immediately closed down my computer and called the number on the back of my financial card to report it.”

Kent’s quick thinking likely saved him from even more damage. But what exactly happened here?

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

DON’T FALL FOR THIS BANK PHISHING SCAM TRICK

How web injection scams trick you

This type of attack is called a web injection scam. It hijacks your browser session and overlays a fake login or verification screen. Because it appears while you’re already logged in, the fake page feels authentic. In Kent’s case, the appearance of “Credit Donkey” flashing on-screen was a red flag. Scammers sometimes abuse legitimate-looking redirects like this to convince victims they are dealing with their bank. The real aim is to capture login credentials or trick you into handing over two-factor authentication codes.

SOCIAL SECURITY ADMINISTRATION PHISHING SCAM TARGETS RETIREES

Web injection scams aim to steal your login and security details. (Kurt “CyberGuy” Knutsson)

Steps to protect yourself from web injection scams

If you ever find yourself in a situation like Kent’s, here are the most important steps you should take right away to secure your accounts and information.

1) Monitor your accounts

Check your recent transactions daily. Turn on alerts for logins, withdrawals or transfers, so you’ll know instantly if someone is trying to move money. 

2) Change your passwords

Update the password for any financial account that may have been exposed. Use a strong, unique password generated by a password manager such as NordPass. Next, see if your email has been exposed in past breaches. Our #1 pick, NordPass, includes a built-in breach scanner that checks whether your email address or passwords have appeared in known leaks. If you discover a match, immediately change any reused passwords and secure those accounts with new, unique credentials.

Check out the best expert-reviewed password managers of 2025 at Cyberguy.com/Passwords 

3) Remove your personal data from broker sites

Scammers often get phone numbers, emails and other details from data broker sites before launching attacks like the one Kent faced. A personal data removal service can help wipe this information from those shady databases, so criminals have less fuel for scams. Consider tools that automatically scan and request removal from dozens of brokers at once, saving you the time and hassle of doing it manually.

While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.

Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com/Delete

Get a free scan to find out if your personal information is already out on the web: Cyberguy.com/FreeScan

4) Enable stronger multi-factor authentication

Strengthen your account security with multifactor authentication. If your bank offers it, switch from SMS codes to app-based codes with Google Authenticator or Authy. These methods are far harder for scammers to intercept than text messages. 

5) Scan your devices with antivirus software

Since the scam appeared while Kent was logged in, malware or a browser hijack may be at play. Run a trusted antivirus to clear hidden phishing scripts. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com/LockUpYourTech 

6) Notify your bank in writing

Calling is smart, but also send a secure message or letter, so there’s a record. Ask them to put your account on high alert and require extra verification for any big moves.

7) Freeze your credit

Place a free credit freeze with Equifax, Experian and TransUnion. That way, scammers can’t open new accounts in your name even if they’ve stolen your personal info.

8) Consider identity monitoring

Services like Identity Guard can alert you if your Social Security number, email or phone number shows up where it shouldn’t. Identity Theft companies can monitor personal information like your Social Security number, phone number and email address, and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. 

See my tips and best picks on how to protect yourself from identity theft at Cyberguy.com/IdentityTheft

CLICK HERE TO GET THE FOX NEWS APP

The bogus page asked for personal details before revealing it was a scam (iStock)

Smart online banking habits to stay safe

• Never enter personal details into a pop-up, no matter how real it looks.
• Always log in fresh through your bank’s official website or app.
• Keep your browser and operating system fully updated.
• Use a private email address for your financial accounts that scammers won’t easily guess.

For recommendations on private and secure email providers that offer alias addresses, visit Cyberguy.com/Mail

Kurt’s key takeaways

Web injection scams are designed to catch you off guard while you’re doing something routine. Kent’s quick reaction to close the page and contact his bank shows how important it is to stay alert. With the right habits and tools, you can keep scammers out of your accounts.

Have you ever experienced a scam attempt while banking online? Let us know by writing to us at Cyberguy.com/Contact

Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM/NEWSLETTER

Copyright 2025 CyberGuy.com.  All rights reserved.