Comment Theres not many solutions to this problem... (Score 1) 113
Yes this does happen, they dont even need to install a trojan on your computer they do it with phishing pages which have a jabber instant messenger client which instantly relays the OTP (one time password) to a server which does an immediate backconnect to the bank etc and logs in.
The other way they are bypassing these devices is through a trojan on the computer and they hijack the browser, MITB man in the browser.
The OTP security token method is pretty much useless actually not really protecting against much at all which isnt already covered by ssl. The problem with the OTP devices is they are only one way authentication.
The MITB attacks defeat just about everything else available even recently the active mutual authentication electronic tokens.
About the only online authentication method which isnt vulnerable is the passwindow cards as they are the only online authentication I know of capable of passive mutual authentication. (active means a human has to do something and then gets tricked by the torjan in the browser, passwive is where you just view and dont do anything except enter the password)
http://en.wikipedia.org/wiki/Mutual_authentication