A Brief History of Malware and Cybercrime
12 notable developments in three decades of online threats, with notes on responses.
When it began: Though first recognized as an attack in 1998 by the NSA, the best-known attacks occurred in October 2005 and July 2006, when large European and U.S. banks that issued one-time password (OTP) scratch cards and tokens were targeted with man-in-the-middle attacks. Amazon.com was subsequently attacked as well, according to a report by security vendor TriCipher. Security experts believe that criminal software developers have now created the equivalent of Microsoft Office for man-in-the-middle exploits: a software package sold on the Internet that even inexperienced computer users can set up to carry out attacks.
What it is: Criminals create bogus sites that communicate directly with the legitimate site in real time. Victims log in to their real accounts, perhaps even using a hardware token or another one-time password device, but do so through the man-in-the-middle servers, which capture everything they enter. Because the one-time code is simply relayed, it offers no protection against this kind of proxy. These servers can even force the legitimate site to keep the authenticated session open after the victim has logged off, allowing the criminals to access the account themselves and withdraw money.
Response: IP address blacklists; Bayesian content filters; content heuristics engines; content fingerprinting schemes augmented by sender authentication; anti-virus software; network monitoring; training users not to open messages or software they were not expecting to receive; multi-factor authentication; intrusion detection software; firewalls; data encryption; security risk training.
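The point above, that a relayed OTP still verifies while a credential bound to the origin the browser actually talks to does not, as an added example that is not from the original article. Hostnames and the OTP value are constructed, and the HMAC over a registered device key stands in (as a simplification) for the public-key signature a real FIDO2 authenticator would produce.

```python
import hashlib
import hmac
import secrets

LEGIT_ORIGIN = "bank.example"        # constructed hostname of the real site
PROXY_ORIGIN = "bank-login.example"  # constructed hostname of the relay server

# Per-user device secret registered with the bank. Symmetric stand-in for the
# key pair a real authenticator would hold; the binding logic is the same.
DEVICE_KEY = secrets.token_bytes(32)
OTP_CODE = "493017"                  # constructed code displayed on a token


def verify_otp(submitted_code: str) -> bool:
    """Bank side: an OTP is a bare string; it carries no origin information."""
    return hmac.compare_digest(submitted_code, OTP_CODE)


def sign_challenge(challenge: bytes, origin_seen_by_client: str) -> bytes:
    """Client side: the response covers the origin the browser is connected
    to, which is what the browser knows, not what the user believes."""
    msg = challenge + origin_seen_by_client.encode()
    return hmac.new(DEVICE_KEY, msg, hashlib.sha256).digest()


def verify_bound(challenge: bytes, response: bytes) -> bool:
    """Bank side: recompute over its own origin, so a response produced for
    any other origin fails even when forwarded intact."""
    expected = sign_challenge(challenge, LEGIT_ORIGIN)
    return hmac.compare_digest(expected, response)


def relayed_otp_login() -> bool:
    # The victim types the code into the bogus page; the proxy forwards it.
    code_from_victim = OTP_CODE
    return verify_otp(code_from_victim)   # True: relay is accepted


def relayed_bound_login() -> bool:
    challenge = secrets.token_bytes(16)   # issued by the bank, forwarded by proxy
    # The victim's browser is connected to the proxy, so it binds to that origin.
    response = sign_challenge(challenge, PROXY_ORIGIN)
    return verify_bound(challenge, response)  # False: relay is rejected


def direct_bound_login() -> bool:
    challenge = secrets.token_bytes(16)
    response = sign_challenge(challenge, LEGIT_ORIGIN)
    return verify_bound(challenge, response)  # True: genuine login
```

The same check is what makes the later "keep the session open" step harder to exploit: nothing the proxy saw can be replayed against the real origin.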