Criminals have successfully outwitted online security devices given out by banks and are tricking customers into handing over personal details.
This means customers using calculator-style keypads to protect their bank accounts are potentially at risk from hackers gaining access to their accounts, a BBC investigation has found.
These devices, such as PINSentry from Barclays and SecureKey from HSBC, were created to protect customers against such attacks. They ask customers to insert a card or pin number and create a unique key for each login, which can't be used again.
Man in the Browser
But now criminal hackers have found a way around these devices. The new bug is called a 'Man in the Browser' (MitB) attack by the technology industry and tricks banking customers by asking them to take part in training for a new 'upgraded security system'.
Once a customer agrees to this, the malicious software works by altering what is seen and allows a hacker to change the details of what is being entered, giving them the potential to raid someone's bank account. This malware lives in a web browser and is only activated when visiting certain sites.
Experts are advising customers to follow the advice provided by your bank and to use up-to-date security software.
"To prevent this happening customers should make sure they are in the correct company website and ignore pop-ups that ask for additional security," advises Lucy Davies, spokesperson for Experian.
Have you been a victim of online banking crime? Read our guide on how to get your money back