Scammers are using visual spoofing; a technique that makes a pop-up web page, which usually has no tool bars, look like it is contained in a web browser, usually Internet Explorer (IE).
However, the entire page, including the web browser and icons, is in fact a Java scripted dummy of Internet Explorer. The end product is a realistic web page that looks as if it is displayed on IE. Details of the scam can include the padlock at the bottom of the screen, which shows the website is secure.
More than 30 phishing scams have occurred this year.
At the beginning of February, Microsoft issued a patch to correct a bug in Internet Explorer that allowed phishermen to spoof URLs leaving little trace of the actual website address.