Cyber crooks use this attack method to capture confidential information (password, security codes, credit card numbers etc.) that they can use to their advantage. And the online banking sector is specifically targeted.
“While browsing around, you may come across a malicious site that may convince you to download some freeware. But what you don’t know is that along with the free stuff you can also download a virus or a malware” bullguard.com (2013).
It “infects a web browser by taking advantage of vulnerabilities in browser security to modify web pages, modify transaction content or insert additional transactions, all in a completely covert fashion invisible to both the user and host web application.” wikipedia.org, (2013)
How it works
“So, as it turns out, in this particular type of attack – man-in-the-browser – the malicious code settles comfortably in your web browser. There it rests dormant until you visit your bank account. When you try to log in, it activates itself and manipulates your browser to show a fake login page that looks exactly like the login page of your bank’s website, with just a few minor exceptions: additional boxes where you have to fill in information your bank wouldn’t ask you for – card security/verification codes, or even your PIN.
Once you unknowingly enter those details, cybercriminals can breach your internet security and take over your account. They can:
- Modify transaction content or insert additional transactions, all in a covert fashion, invisible to you and your bank. Basically, with the help of the infected browser, the attacker gets between you and your bank. You are shown the exact information you entered for the transaction, while your bank “sees” a totally different destination account number and/or amount.
- Adjust account balance, so that you don’t figure out the scam.
- Hide records of fraudulent money transfers in your transaction history.” bullguard.com (2013)
Mitigation and detection
“If your transaction takes longer than normal, there’s a chance it’s part of a fraudulent process. The same goes for unusual computer slow-downs.
- If you’re asked to fill in more information than usual, details that your bank wouldn’t normally ask for – especially if you’re asked for your entire password when on previous occasions you had to enter only parts of it – this might be a sign that your internet security was compromised by a man-in-the-browser attack.
- If you suspect something is wrong with your account, contact your bank by phone – check your credit card for the official phone number – not by e-mail. Verify with them what transactions are showing on your account, and how many times your account has been accessed lately, to see if their answers match your own.
- Keep all the applications on your PC up-to-date, especially your internet security program and your browser. BullGuard Internet Security 12 may come in handy thanks to its Vulnerability Scanner, which checks for out-dated versions and recommends patches and updates.
- The best offense is good defence. Make sure you have effective internet security on your PC.” bullguard.com (2013).