[ news_security_news ]
Citibank, OCBC Bank Affected By Phishing
Doug Caverly
Staff Writer
2006-07-11
 Insider Reports RSS Feed
A recent phishing scam targeting Citibank and OCBC Bank customers went a step beyond most by spoofing two-factor identification. E-mails asked the individuals to supply their user name, password, and a token-generated key.
The e-mails claimed someone had tried to access the customers' accounts, and then directed them to another site to "verify" their user information. One site, which was a convincing replica of the Citibank pages, was actually based in Russia. It has since been shut down. The other site was believed to have been based in China, and should also have been closed by now.
The scam was first noticed by Secure Science Corp. A number of customers also contacted the banks to report the phishing attempt. This was apparently a rather convincing scam, though; according to Brian Krebs, one fake site's address "appears to end in ‘Citibank.com,' but in fact ends at . . . ‘Tufel-Club.ru.'" There was one more component to the scam that might have tricked people.
"If you visit the site and enter bogus information to test whether the site is legit-a tactic used by some security-savvy people-you might be fooled," wrote Krebs. "That's because this site acts as the ‘man in the middle'-it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real."
It appears that no money was lost in the scam. This is a disturbing occurrence, just the same-two-factor identification was supposed to provide protection against phishing attacks. But as Krebs pointed out, "These methods work, however, only so long as the bad guys don't fake those as well."
Add to | DiggThis | Yahoo! My Web
Technorati: Phishing
About the Author:
Doug is a staff writer for SecurityProNews, InternetFinancialNews, SearchNewz, and WebProNews.
More news_security_news Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
