Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia
Initially, online scammers (phishers) used social engineering techniques, sending emails to solicit personal information from customers in order to steal money from their Internet banking accounts. Data such as passwords or bank account details could be further used for other criminal activities. For instance, the scammers may intend to leave the victim’s information behind after they have successfully committed the crime so that the police, following the visible evidence, treat the victim as the suspect. Many customers are now aware of the need to protect their banking details from phishers by not providing any sensitive information. Recently, phishing attacks have become more sophisticated and more targeted at online banking users. Hence, this paper reviews one current type of phishing attack known as ‘man-in-the-browser’. It specifically focuses on the use of browser extensions, including their operational strategies. Techniques to identify, minimize, and prevent this type of attack are considered. Lastly, the author provides specific advice for bank customers based on her research interests and experience in online banking security.