A new breed of online banking malware has developed a scary skill — it talks. If you want to hold onto your cash, don't talk back.
The clever cyberattack exploits the live chat feature on banking websites in an attempt to pressure victims into divulging their financial information, Amit Klein from the security firm Trusteer explained.
When people log in to their online banking site, this new malware, using a series of fake HTML and JavaScript injections, stalls their session and informs them "security checks are being performed."
The site, using convoluted language, then tells victims: "The system couldn't identify your PC. You will be contacted by a representative to confirm your personality. Please pass the process of additional verification otherwise your account will be locked. Sorry for any inconvenience, we are carrying about security of our clients. "
If the poor grammar doesn't raise a red flag, the malware attack then presents users with a live online chat session that allows the hackers to "perform real time fraud by enticing the victim to sign/verify fraudulent transactions."
Given this browser exploit, Klein does not have a positive outlook on the future of Web browser security.
"What's clear now is that the barbarians are taking control of the browser," he wrote.
To keep malware authors at bay, it's crucial to keep your browser up to date and also run strong anti-virus software on your computer, a list of which can be found here. And if you come across unsolicited messages, especially ones with grammar and spelling mistakes, be suspicious and don't click any links.