A hacking kit which allows fraudsters to capture confidential information even when consumers protect their banking transactions with secure two-factor tokens is circulating on the internet.
The Universal Man-In-The-Middle phishing kit allows the capture of credit card details and other personal information by intercepting messages before they are passed to genuine banking and e-commerce sites.
The kit, discovered by security firm RSA, allows hackers to create copies of genuine banking websites. The fraudulent sites intercept personal information before passing it on to the genuine site.
RSA said it expected man-in-the-middle attacks to become more widespread over the next year.
Marc Gaffan, RSA's director of marketing, said, “As institutions put additional online security measures in place, inevitably the fraudsters are looking at new ways of duping innocent victims and stealing their information and assets.”
Comment on this article: [email protected]