Perilocity: Two-Factor Phishing

June 2009

July 10, 2006

Sun	Mon	Tue	Wed	Thu	Fri	Sat
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Two-Factor Phishing

Phishers consider nothing sacred, not even two-factor authentication: at least one has already phished for the second factor.

If you visit the site and enter bogus information to test whether the site is legit -- a tactic used by some security-savvy people -- you might be fooled. That's because this site acts as the "man in the middle" -- it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real.
Citibank Phish Spoofs 2-Factor Authentication, Brian Krebs, 10 July 2006

This could be because the people behind such phishing scams are often pretty tech-savvy people themselves. Funny how that happens when there's money in it.

-jsq

July 10, 2006 in Identity Theft | Permalink

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341cb65b53ef00d8346e934569e2

Listed below are links to weblogs that reference Two-Factor Phishing:

» http://thurston.halfcat.org/blog/2006/07/11/368/ from Not Bad For a Cubicle
In October 2005, the FDIC declared single-factor authentication inadequate for online banking authentication: Single-factor authentication methodologies may not provide sufficient protection for Internet-based financial services. The FFIEC agencies c... [Read More]

Comments

Verify your Comment

Previewing your Comment

Posted by: |

This is only a preview. Your comment has not yet been posted.

Your comment could not be posted. Error type:

Your comment has been posted. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.