A man-in-the-browser attack often targets financial firms
A man-in-the-browser attack uses a Trojan horse (typically spread through email) to install a bit of malware as an extension or Browser Helper Object (BHO). The malware initiates a man-in-the-browser attack by intercepting all communication between a user's browser and a destination Web server, changing the messages or transactions as they occur in real time. Attackers can use a man-in-the-browser attack to hijack an online financial transaction and wire money to a fraudulent account instead of a legitimate account, all without the user's knowledge.
While a man-in-the-browser attack is similar to a man-in-the-middle attack, the former is more difficult to prevent because rather than taking place in a public exchange, it takes place between the user and the browser's security mechanisms.
Preventing a man-in-the-browser attack requires a multilayered defense, and step one is preventing an attack from spreading through email. That's why so many financial organizations worldwide turn to Mimecast for help with email security.
Stopping a man-in-the-browser attack with Mimecast
Mimecast provides an all-in-one solution for email security, archiving and continuity that is available as a cloud-based subscription service. With no hardware or software to install and no capital investment, Mimecast's solutions can be rolled out quickly to immediately improve security posture and to stop threats like a man-in-the-browser attack.
Mimecast security solutions include:
- Targeted Threat Protection that helps to identify and block advanced threats like spear-phishing, impersonation, ransomware and a man-in-the-browser attack. Mimecast blocks access to malicious URLs, identifies and neutralizes weaponized attachments, and effectively spots malware-less attacks by searching for header anomalies, domain similarity, sender spoofing and other telltale signs.
- Spam and virus protection that stops these threats before they impact email performance.
- Secure messaging technology that lets users share confidential and sensitive information safely and securely.
- Large File Send technology that lets users send and receive files up to 2 GB safely, without impacting email system performance.
- Content control and data leak prevention, enabling financial services organizations to stop inadvertent or malicious leaks and to control the distribution of sensitive information.
Beyond a man-in-the-browser attack: additional solutions from Mimecast
In addition to security solutions for preventing a man-in-the-browser attack, Mimecast provides email archiving technology that can significantly streamline management of email retention and give users fast access to any archived email. The Mimecast Cloud Archive provides administrators with easy-to-use tools to manage FINRA email retention and SEC email retention requirements, as well as legal hold and eDiscovery tools that reduce the administrative burden of responding to legal and compliance requests.
Mimecast also offers an email continuity service that can ensure users have access to live and historic email and attachments at any time, from anywhere, even during planned and unplanned outages.
Learn more about preventing a man-in-the-browser attack with Mimecast, and about Mimecast solutions for government transformation strategy.