Thank you for the ideas. This has been my secondary concern as well (primary concern is related to the board compromised).
What I cannot understand technically, is how Malware would be able to target the board. Trying to get my head around it so I can make a useful suggestion to the member. If I am going to tell the user their machine is compromised, I need to present some form sort of rational evidence supporting why.
For example - is the username and full name token named something obvious that Malware could try and intercept and replace values within?
Here is one example of a screenshot the member has sent.
You can see the username of this user is
Tama in the screenshot (top right part of the image).
However, under the members avatar, you can see it is displaying
Yes instead;