Phishing attack evades bank's two factor authentication


A two factor authentication system operated by Dutch bank ABN Amro has been compromised and money stolen from the online accounts of customers who fell for a phishing scam. Two factor authentication for online banking usually involves passwords and tokens which provide synchronised, constantly changing numbers to use as additional evidence of identity.

The security industry has promoted the tokens as a preventative measure against hacking for users of remote corporate or banking systems. However, experts have warned that they are still vulnerable to phishing attacks, where fraudulent emails lure recipients to bogus websites that are set up to gather security details.

Four customers who used two-factor authentication have been compensated by ABN Amro for undisclosed amounts taken from their bank accounts. Phishing attack evades bank's two-factor authentication | The Register

Linked by shanmuga Thursday, 26th April 2007 1:59AM