Citibank Hit With Phishing Attack

Tags:  security  Netcraft 

  • By theWHIR.com, July 14, 2006

July 14, 2006 -- (WEB HOST INDUSTRY REVIEW) -- An ongoing phishing attack against Citibank (citibank.com) is employing man-in-the-middle tactics to overcome two-factor authentication and access online banking accounts, reports research and analysis firm Netcraft (netcraft.com).

The second authentication factor used by Citibank is provided by a security token -- a physical item possessed by an account holder -- which creates a one-time password that is valid for approximately one minute.

The one-time password is worthless to an attacker who captures it with a keylogging trojan: it stops working as soon as the victim has used it, and it gives the attacker no way to access the victim's account in the future.

However, by duping a victim into entering these items of data into a form, the attacker's site can automatically forward the authentication ID to the real Citibank site instantly, and allow the attacker to successfully log in on behalf of the victim.
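The bank-side check described above, as an added example that is not from the article, Netcraft or Citibank: a verifier that accepts a code only within its validity window and only once. It assumes a time-based HMAC code with a 60-second step; the secret, timestamp and all names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumption: models "valid for approximately one minute"


def token_code(secret: bytes, now: float) -> str:
    """Six-digit code for the time step containing `now` (RFC 6238-style truncation)."""
    counter = int(now // STEP_SECONDS)
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class OtpVerifier:
    """Hypothetical bank-side check: code must match the current step and be unused."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.last_used_step = -1

    def verify(self, code: str, now: float) -> str:
        step = int(now // STEP_SECONDS)
        if not hmac.compare_digest(code, token_code(self.secret, now)):
            return "rejected: wrong or expired code"
        if step <= self.last_used_step:
            return "rejected: code already used"
        self.last_used_step = step
        return "accepted"


def demo() -> dict:
    secret = b"constructed-demo-secret"   # constructed sample value
    t0 = 1_152_835_200.0                  # constructed timestamp at the start of a step
    code = token_code(secret, t0 + 5)     # what the token displays to the account holder
    results = {}
    bank = OtpVerifier(secret)
    results["victim_login"] = bank.verify(code, t0 + 10)
    # A copy captured by a keylogger arrives after the victim has already used the code.
    results["keylogged_replay"] = bank.verify(code, t0 + 20)
    # A stored copy presented after the validity window has passed.
    results["late_replay"] = OtpVerifier(secret).verify(code, t0 + 90)
    # The code reaches the bank for the first time through a forwarding site.
    # The verifier sees only the code, so this is indistinguishable from the victim.
    results["first_use_via_relay"] = OtpVerifier(secret).verify(code, t0 + 10)
    return results
```

Single-use and expiry checks stop both replay cases, but the check has no input that identifies which site collected the code, which is why instant forwarding succeeds.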
