If you thought you had your online banking security situation under control, along comes this chilling blog entry from security vendor Trusteer about some really nasty stuff they observed over the holiday break. And especially for those of you that have chosen paperless statements, you want to read it carefully and understand the exploit.

Basically, the bad guys have figured out a full-service series of attacks that take money from your debit card account and then proceed to show you a series of screens that cover up the transaction. They use a variety of malware tools to insert themselves in the middle of your transactions to steal your account information, then quickly debit your account. The next time you login to your bank, you are seeing the faked screens that don’t display this transaction.

If you are still one of the people that receive the paper statements in the mail, you will spot it, but only if you are really careful about reconciling your account. If you don’t get the printed statements, you may never see the transactions from the fraudster.

As Amit Klein writes on the company’s blog, “The malware hides the fraudulent transactions in the view transactions page, as well as artificially changing the total fraudulent transaction amount to balance the totals. As a result, the deceived customer has no idea that their account has been taken over, nor that any fraudulent transactions have taken place.” Yikes!

Make sure your browser is up to date and if you have the option to install anti-phishing protection, now would be a good time to make sure that it is working. Most modern browsers have this enabled but it is worth reviewing if you are scared enough by this exploit. Happy holidays, everyone.