Defeating Man-in-the-Browser: How to Prevent the Latest Malware Attacks against Consumer & Corporate Banking

Defeating Man-in-the-Browser: How to Prevent the Latest Malware Attacks against Consumer & Corporate Banking The Internet offers financial institutions the promise of delivering new services at a fraction of the cost of traditional channels. As more consumers move online, this migration helps reduce operating costs and increase their customer base. The challenge lies in being able to offer these services across new and sophisticated channels - for example, the mobile channel - while not sacrificing security or usability.

While many safeguards are deployed within financial institutions, criminals are evolving their techniques rapidly. Instead of phishing attacks that lead to fake Web sites designed to harvest usernames and passwords, the techniques are now more sophisticated and effective against previously deployed defenses. Phishing and spear-phishing attacks1 are now designed to deploy malware, which takes over users' browsers and executes malicious transactions. The malware is crafted to avoid detection by antivirus tools. The result is known as a "man-in-the-browser" attack.

This whitepaper will:

  • Explain the mechanics of a man-in-the-browser attack
  • Review the various counter-measure possibilities
  • Compare their effectiveness



Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing ffiec.bankinfosecurity.com, you agree to our use of cookies.