Article

Title: E-commerce in Crisis: When SSL Isn't Safe

Author: Grimes, Roger
Article Type: Product Analysis
Source: InfoWorld, v28 n18 p26(5)
Publication Date: May 1, 2006
ISSN: 0199-6649
Illustrations: Charts
URL of Publication: http://www.infoworld.com

Security experts report that cybercrime is siphoning untold millions of dollars from banks and their customers using Secure Sockets Layer (SSL)-evading Trojans and ever more refined phishing techniques. All antivirus and anti-malware vendors can point to thousands of bank and e-commerce SSL Trojans designed to steal money and identities, often referred to as Bancos/Banker variants. Few sources are ready to provide information that describes the extent of the problem. Phishing is the primary method of attack, and phishing e-mails now arrive with the user's address, ZIP code, or account information already filled in. However, users are also getting smarter and are less likely to provide authentication information in response to an e-mail. Therefore, the crooks are using SSL-evading Trojans that install themselves on the PCs of unaware users and capture log-on credentials or manipulate transactions after a successful logon. In both instances, the connection between bank and PC remains. The Trojan actually sniffs or manipulates the transaction before it ever goes over the Internet to the bank. Ten ways to guard the site are listed. For instance, banking regulators and oversight committees need to be educated about the danger of SSL-evading Trojans and the need for transaction authorization protection. Banks should lead by example and should also clearly communicate to all customers the bank's policy regarding requests for additional information. For instance, customers should be told that requests for the bank account number and PIN will never be made via e-mail.

Special Features: Charts

Products:
Cybercrime Phishing
SSL (Secure Socket Layer) Trojans

Copyright 2004-2008 Information Sources Inc.
 

