Skip to content


What is a Man-in-the-Browser attack and how can I protect my Internet banking customers from it?

A Man-in-the-Browser attack, also called a "Proxy Trojan" is a sophisticated attack that infects a user's web browser and allows an attacker to:

  • Not have to worry about SSL encryption (which happens outside the browser), enabling them to inspect any content sent or received by the browser
  • Bypass multi-factor authentication controls (money can be stolen while the user is legitimately logged in)
  • Intercept and/or manipulate transactions or data
  • Hide malicious activity from the user during the session

    One way to prevent Man-in-the-Browser attacks is to use out-of-band transaction verification. This means that transactions must be additionally verified through some means other than the user's Internet banking session (e.g. by fax or by phone). Another method of prevention is through the use of special USB devices, such as IronKey, that increase browser session security.
  • Vendor: 

    First published on 11/14/2011

    Filed under: 

    Search Topics