Citibank, OCBC Bank Affected By Phishing
Doug Caverly Staff Writer
2006-07-11
A recent phishing scam targeting Citibank and OCBC Bank customers went a step beyond most by spoofing two-factor identification. E-mails asked the individuals to supply their user name, password, and a token-generated key.
The e-mails claimed someone had tried to access the customers' accounts, and then directed them to another site to "verify" their user information. One site, which was a convincing replica of the Citibank pages, was actually based in Russia. It has since been shut down. The other site was believed to have been based in China, and should also have been closed by now.
The scam was first noticed by Secure Science Corp. A number of customers also contacted the banks to report the phishing attempt. This was apparently a rather convincing scam, though; according to Brian Krebs, one fake site's address "appears to end in ‘Citibank.com,’ but in fact ends at . . . ‘Tufel-Club.ru.’" There was one more component to the scam that might have tricked people.
"If you visit the site and enter bogus information to test whether the site is legit - a tactic used by some security-savvy people - you might be fooled," wrote Krebs. "That's because this site acts as the ‘man in the middle’ - it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real."
It appears that no money was lost in the scam. This is a disturbing occurrence, just the same; two-factor identification was supposed to provide protection against phishing attacks. But as Krebs pointed out, "These methods work, however, only so long as the bad guys don't fake those as well."
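The address trick described above, where a trusted name sits at the front of a hostname that really belongs to another domain, can be checked mechanically by a mail filter or link scanner. The following is an added example, not code from the article or from anyone quoted in it; the function name, the trusted-domain list and the sample URLs are constructed for illustration, and it assumes links carry a scheme such as http://.

```python
from urllib.parse import urlsplit

# Assumption: the domains the bank really serves logins from.
TRUSTED_DOMAINS = {"citibank.com"}


def classify_login_url(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'lookalike' or 'unrelated' for a link's hostname."""
    # urlsplit lowercases the hostname and drops userinfo and port.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")

    # Genuine: the hostname is the trusted domain or ends with ".<domain>".
    for domain in trusted:
        d_labels = domain.split(".")
        if labels[-len(d_labels):] == d_labels:
            return "trusted"

    # Lookalike: the trusted domain's labels appear inside the hostname,
    # but the right-hand end (what DNS actually resolves) is something else.
    for domain in trusted:
        d_labels = domain.split(".")
        n = len(d_labels)
        for i in range(len(labels) - n):
            if labels[i:i + n] == d_labels:
                return "lookalike"

    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved test domain.
    samples = [
        "https://www.citibank.com/login",
        "http://www.citibank.com.phish.example/verify",
        "https://news.example/story",
    ]
    for link in samples:
        print(f"{classify_login_url(link):10} {link}")
```

A hostname is read right to left, so only the final labels decide who controls the site; this check does not cover misspelled or homoglyph domains.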
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.