With banks introducing devices like the SecureKey from HSBC that are capable of generating a unique code for each login, valid for 30 seconds, it had become difficult for hackers to steal money from bank accounts. So the hackers have now come up with new tactics.
Mark Bowerman, of Financial Fraud UK, says, “People need to be aware and take appropriate steps. These new security steps make it harder for fraudsters but this is still happening”.
When a user logs into the bank’s real site, the account holders are tricked by the offer of training in a new “upgraded security system”. Money is then moved out of the account but this is hidden from the user. Users are being advised to keep their antivirus software up to date.
Man in the Browser (MitB) does not strike until user visits particular websites. Once the browser has been infected, the malaware will silently live in the browser, and it can get between the user and the website. The MitB is capable of altering the details of what is being entered on the website and what is actually seen by the user.