A security firm has uncovered a new form of cyber attack targeting online banking customers that uses live chat from hackers impersonating banking staff.
This is a type of browser infection that allows web pages to be modified, or new web pages or transactional content to be inserted between the user and the intended third party, in a completely transparent fashion.
"It specifically targets business/commercial online banking customers," he added.
The following messages appear on the user's screen once the attack is under way:
"The system couldn't identify your PC.
"You will be contacted by a representative of bank to confirm your personality.
"Please pass the process of additional verification otherwise your account will be locked.
"Sorry for any inconvenience, we are carrying about security of our clients."
Klein wrote that these messages are followed by a live online chat session with the hackers, during which real-time fraud could be attempted.
"The fraudster [then] engages in a live online chat session with the victim. The session may be used to perform real time fraud by enticing the victim to sign/verify fraudulent transactions that Shylock is initiating in the background."
Trusteer said that this form of attack can be detected by some dedicated security programmes, such as its own, or by banks requiring a form of two-factor authentication before online transactions will be processed.