by Iris Pang
Article filed in

What is the man-in-the-browser attack?

by Iris Pang

What is the man-in-the-browser attack? - Paubox

Did you know? According to the National Health Care Anti-Fraud Association (NHCAA), we spent roughly $3.6 trillion on healthcare in 2018. While most of these health insurance claims were legitimate, the NHCAA states that approximately $108 billion, about 3%, were fraudulent claims.

While this figure is a small percentage of our overall healthcare spending, fraudulent claims result in:

  • Higher premiums 
  • Higher out-of-pocket costs
  • Fewer benefits and less coverage
  • Higher costs for employers providing employees with healthcare benefits
  • Dangerous medical procedures
  • Compromised medical records

While there are many ways in which fraud takes place, the man-in-the-browser attack is perhaps one of the sneakiest.

How does health insurance fraud occur?

When most of us think of insurance fraud, we may think of stealing health insurance cards or falsifying pharmaceutical prescriptions.

However, some types of health data  breaches fly under the radar, and hackers don’t always inform you when they’ve stolen your account information.

So a hacker could have hijacked your browser, stolen your data or money, filed a false claim, or written a prescription on your behalf, all without your knowledge. Aka: a man-in-the-browser attack.

What is a man-in-the-browser attack?

According to the Open Web Application Security Project (OWASP), a man-in-the-browser (MITB) attack is very similar to a man-in-the-middle (MITM) attack. It uses a tTrojan to intercept the data between you, your browser, and the server.

After intercepting the transaction, it changes it, submits it to the server, all while appearing to you that nothing is amissreturning the original data you entered.

In other words, you might authorize a transaction for $200 by entering all your details—your password, bank account number, and credit card information—but the MITB attack will have intercepted and changed the transaction to $1,200. Then, once the information has been submitted to your bank, the malware changes the numbers back to the original $200, making your transaction look totally normal.

So for the typical customer or healthcare professional, nothing seems amiss, and the transaction goes through normally. This works even if you’ve enabled two-factor authentication. Thus, there is even less reason to suspect that anything is wrong.

You might log onto your bank, send a $200 payment to a business associate, receive a normal receipt, and be completely unaware that a hacker has stolen $1,000 from you.

How does Paubox protect you from man-in-the-browser attacks?

Since MITB attacks are so difficult to detect, it’s imperative that covered entities, their business associates, and patients all have a seamless way of ensuring none of their data is compromised.

Paubox Email Suite automatically encrypts your outbound emails, and they arrive securely in your patients’ inboxes, without requiring them to log into a portal or remembering lengthy passwords.

Because it integrates directly with Google Workspace, Microsoft 365, orand Microsoft Exchange, once it’s configured you’ll send email as you normally would with no change in behavior required.

Paubox Email Suite Plus also comes with inbound email security which protects you from malware, viruses, ransomware, and other exploits. Our patented feature ExecProtect gives you peace of mind by protecting you from display name spoofing to make sure that your senders are always who they say they are.

Last, Paubox’s patent-pending Zero Trust Email feature ensures that you and your patients’ data are protected from threats both inside and outside your private network.

Try Paubox Email Suite Plus for FREE today.