Today, sophisticated yet highly available malware enables fraudsters to automate transfers from victims' online accounts, as well as perpetrate other acts of fraud. For example, the malware waits for the legitimate user to log in to a web site associated with the account and then activates a script which initiates a fraudulent money transfer without the customer knowing. This attack is known as a Man-In-The-Browser (MITB) attack. Another form of attack is to “inject” additional fields in web pages in order to obtain information on the victim in addition to the information already requested by the legitimate web site.
These two types of attacks are incredibly hard to stop. MITB is a huge problem today as anti-fraud systems search for characteristics in each money transfer request that do not fit the profile of the user. Yet the problem is that the web site sees this request as being sent from the legitimate machine of the user, and therefore may not be able to detect that it is actually being sent by the malware without the user's knowledge.