Citibank Phish Spoofs 2 Factor Authentication

Security experts have long touted the need for financial Web sites to move beyond mere passwords and implement so called "two factor authentication", the second factor being something the user has in their physical possession like an access card as the answer to protecting customers from phishing attacks that use phony emails and bogus Web sites to trick users into forking over their personal and financial data.

These methods work, however, only so long as the bad guys don't fake those as well. Take this latest phish, spotted by the people over at Secure Science Corp. It uses an impressively crafted Web-based e-mail that targets users of Citibank's Citibusiness service... Security Fix - Brian Krebs on Computer and Internet Security - (

Linked by shanmuga Tuesday, 11th July 2006 1:15AM