A man-in-the-browser attack uses a Trojan horse (typically spread through email) to install a bit of malware as an extension or Browser Helper Object (BHO). The malware initiates a man-in-the-browser attack by intercepting all communication between a user's browser and a destination Web server, changing the messages or transactions as they occur in real time. Attackers can use a man-in-the-browser attack to hijack an online financial transaction and wire money to a fraudulent account instead of a legitimate account, all without the user's knowledge.
While a man-in-the-browser attack is similar to a man-in-the-middle attack, the former is more difficult to prevent because rather than taking place in a public exchange, it takes place between the user and the browser's security mechanisms.
Preventing a man-in-the-browser attack requires a multilayered defense, and step one is preventing an attack from spreading through email. That's why so many financial organizations worldwide turn to Mimecast for help with email security.
Mimecast provides an all-in-one solution for email security, archiving and continuity that is available as a cloud-based subscription service. With no hardware or software to install and no capital investment, Mimecast's solutions can be rolled out quickly to immediately improve security posture and to stop threats like a man-in-the-browser attack.
Mimecast security solutions include:
In addition to security solutions for preventing a man-in-the-browser attack, Mimecast provides email archiving technology that can significantly streamline management of email retention and give users fast access to any archived email. The Mimecast Cloud Archive provides administrators with easy-to-use tools to manage FINRA email retention and SEC email retention requirements, as well as legal hold and eDiscovery tools that reduce the administrative burden of responding to legal and compliance requests.
Mimecast also offers an email continuity service that can ensure users have access to live and historic email and attachments at any time, from anywhere, even during planned and unplanned outages.
Learn more about preventing a man-in-the-browser attack with Mimecast, and about Mimecast solutions for government transformation strategy.