"Attackers will often use a tool called a ‘web inject’ to monitor the internet browsing of an infected user. When the victim attempts to access their normal internet banking platform, the malware will
serve up a fake web page that looks exactly like their real online banking web page. It will steal
the victim’s login details and password, and trick the user into entering their token authentication,
or SMS authentication, so that the attacker can quickly replicate the process on the genuine web
page in order to get access to (and steal from) the account." in Cyber crime: understanding the online business model, by Matt Carey,
Head of London Operations Team, NCSC. Image by Monica Pinheiro, license CC BY-NC-SA (CC).