By Julian Goldsmith, 20 April 2007 12:54
NEWS
Customers of Dutch bank ABN Amro have been fooled by a phishing scam into revealing their passwords. According to reports, four of the bank's customers had an undisclosed amount of money stolen from their accounts, even though they were protected by a two-factor authentication system.
The system involves tokens and passwords that generate constantly changing codes as a secure method of identification. Fraudsters sent customers an email attachment which, when opened, covertly installed code on the user's machine.
silicon.com Financial Services
Get the latest financial services news straight to your inbox. Sign up for the FS newsletter today!
When customers tried to log on to their ABN Amro accounts they were redirected to a duplicate site controlled by the thieves, who were then able to use customers' account details and withdraw money through the bank's real site.
The bank has compensated the affected customers and warned customers not to open attachments from people they do not know.
Cheat Sheets
♦ Basel II
♦ MiFID
♦ Sarbanes-Oxley
A spokesman for ABN Amro said the bank took the issue seriously and would be taking steps to improve technological security to foil hackers in the future.
Two-factor security, while generally more secure than passwords alone, is inherently vulnerable to this sort of 'man in the middle' attack, industry commentators have said.
In order to post a comment you need to be registered and logged in.
Log in or create your silicon.com account below