April 21, 2021

Is this a man in the browser attack? And what should I do if it is?

Some days back, I logged into an online exam portal for a professional exam. The portal had a 2-step verification process (password and an OTP sent to my phone). When I clicked on the button requesting for OTP, I received an OTP message from an unknown sender (I’ve logged in the portal before and so I was able to recognize that the sender was different). Believing that everything was okay, I entered the OTP and the webpage prompted that the OTP I had entered was incorrect. I clicked on “Resend OTP” and then I received the same OTP message from a third sender, and on entering it again, I found that it was incorrect yet again. Fortunately, I was able to continue to my examination by receiving the correct OTP by clicking on an option “receive OTP by email”.
However, now I am concerned if this was a man in the browser attack, my suspicions only being bolstered by the fact that nothing of this sort happened to anyone else who sat for the exam.
If this was a MITB attack, what can I do now to prevent anything wrong from happening in the future? I use Windows 10 and Chrome.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.