A typical online banking website prompts you for a username and password combination to prove that you are indeed who you claim to be. The rise of phishing over the past few years has raised the question How does your bank prove who it is? Many technologies and procedures have been developed in an attempt to make this authentication a two way process. The most common method is the display of a personalized image. The attacker has wiggle room to take advantage of the system and replicate the user experience for the unsuspecting victim while stealing their credentials.”]
Source: https://www.csoonline.com/article/2136913/banking-in-the-dark.html