Banks and financial institutions must work through a new generation of malware designed to lurk on Web browsers and only collects data when users access a banking website. Similar to other methods, it all starts with clever social engineering used to compromise victims, which leads to the malware being secretly installed.
The new tactic has led to at least 400 cases, with banking users often unaware of many threats that face them. At the very least, security experts recommend customers never click links in emails that look like something from their bank - but even if users go directly to the bank website, that's when the malware causes mayhem.
"It's going to have graphics and terminology that would make you believe, hey, that sounds pretty legitimate," said JD Sherry, Trend Micro VP of technology and solutions, in a statement. "Once you click on that, you don't have intelligence to basically say that's a bad link. The device is going to download that particular malware."