case study (methods)

 

                                       Lloyd Banking Group Inc.
An attack can be conducted by visiting the Lloyds Banking Group's websites including(Bank of Scotland and Halifax) and selecting "Forgotten sign in details / access suspended?"
This initiates a credential recovery method that requires knowledge of two of the following client details:
1. The first name of the father
2. The first name of your mother
3. Location of birth
4. Primary school
These details are in the public domain and should be assumed to be known by an enemy. A user-generated question must also be answered. To complete the authentication procedure, the attacker must get access to the customer's email account.
The adversary can now totally reset all of the aforementioned security questions and get complete control of the customer's account. 

Therefore, cryptography can be the best way to stop the malware or phishing of data and information. 

references: Smyth, B., 2010. Forgotten your responsibilities? How password recovery threatens banking security (No. CSR-10-13). School of Computer Science.