Australian Information Security Management Conference

Document Type

Conference Proceeding


Security Research Centre, School of Computer and Security Science, Edith Cowan University, Perth, Western Australia


Originally published in the Proceedings of the 7th Australian Information Security Management Conference, Perth, Western Australia, 1st to 3rd December 2009


Initially, online scammers (phishers) used social engineering techniques, sending emails that solicited personal information from customers in order to steal money from their Internet banking accounts. Data such as passwords or bank account details could be further used for other criminal activities. For instance, the scammers may intend to leave the victim’s information behind after they have successfully committed the crime so that the police, following the visible evidence, suspect the victim as the criminal. Many customers are now aware of the need to protect their banking details from phishers by not providing any sensitive information. Recently, phishing attacks have become more sophisticated and more targeted at online banking users. Hence, this paper reviews one current type of phishing attack, known as ‘man-in-the-browser’. It specifically focuses on the use of browser extensions, including their operational strategies. Techniques to identify, minimize, and prevent this type of attack are considered. Lastly, the author provides specific advice for bank customers based on her research interests and experience in online banking security.