from infoworld.com
As the security techniques become more complex, it seems that the most basic scams still work their magic….
Scammers have found a way around new token-based authentication systems that have been adopted by some banks.
ver the past few weeks, approximately 35 phishing Web sites have been set up that use the new attack. They attempt to trick users into divulging the temporary passwords created by the security token devices used by banks such as Citigroup Inc., said Rich Miller, an analyst with Internet research company Netcraft Ltd.
Phishers have only recently begun looking for ways around token authentication, using what is known as a “man-in-the-middle” attack, Miller said. “These attacks are worrisome because they took advantage, fairly early on, of a system that’s seen as enhancing security for banking customers,” he said.
Token devices are used to create a temporary second password for online banking customers. These passwords are valid for a very short period of time and can be used only once, making it impossible for attackers to steal them for later use. U.S. banks have been offering the tokens to users in an effort to comply with federal guidelines that call for stronger, two-factor authentication for online transactions by year’s end.
Post a Comment
You must be logged in to post a comment.