Hackers can misuse the BeEF Toolkit security testing software to gain access to a victim's browser and snoop on their online activity.
BeEF Toolkit, short for Browser Exploitation Framework, is software that experts use to test the security of a firm's network. But cybercriminals can also use it to steal trade secrets or financial information from unsuspecting businesses.
Hackers will send a carefully crafted phishing email with a malicious link. When the link is clicked on, it activates the BeEF Toolkit software, which hooks on to your browser and allows hackers to shadow your activity, said Banerjee.
"Hackers are then able to see your most-visited websites, your searches and your other online activity without you knowing it," he said. In some cases, cybercriminals can also inject malware that sniffs for passwords on the computer.
Banerjee said most small businesses aren't aware that patches exist to fix these loopholes. "Businesses need to become more aggressive about securing their browsers," he said.