Man-In-The-Middle attacks
Another old but effective tactic is the Man In-The-Middle (MITM) attack, in which attackers target banking platforms that do not adequately protect their infrastructure. This not only allows hackers to steal money, but also negatively affects the bank’s reputation by making their infrastructure seem fragile and vulnerable. The attack allows fraudsters to interfere with the communication between users and the bank’s backend implementation to change transaction values and accounts. It can be prevented by using certificate pinning technology, which allows bank application to trust a specific certificate for a given server.
However, vulnerabilities have been found on this implementation when using TLS connections. A common technique called DNS spoofing can easily redirect the victim’s traffic when they’re connected under the same Wi-Fi network, failing to validate the hostname. The best way banks can prevent this attack from harming a customer’s account is by implementing a token multi-factor signature.