ABN Amro has used two-factor authentication for several years. However, they were recently successfully phished. As the article indicates, the phishing attack commenced when the user clicked on a link in an email. The users were diverted to a fake website exactly resembling the ABN Amro website, where they entered their changing token PIN. The fake website then sent the PIN to the real website, successfully logged in and then withdrew money.
The article quotes the bank's five recommended rules to prevent these types of attacks:"
1- Check the lock symbol in the browser and the ABN AMRO certificate
2- Always check your payments instructions
3- Never open e-mails from someone you don't know
4- Only install software from trusted sources
5- Protect your PC with a virus-scanner and a firewall."
Stronger, multifactor authentication cannot stop a phishing attack. Make sure that your users learn to never click on links in email or instant messages or open attached documents unless they are specifically expecting the message and links. Meanwhile, use transaction authentication to protect your enterprise crown jewels.
Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
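
The difference between a changing login PIN and transaction authentication, as an added example that is not part of the original post and does not represent ABN Amro's token scheme. The HMAC construction, field layout, key, challenge and account strings are all assumptions constructed for illustration.

```python
import hashlib
import hmac

def short_code(key: bytes, message: bytes, length: int = 8) -> str:
    """HMAC-SHA256 over the message, truncated to a short decimal code."""
    mac = hmac.new(key, message, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:8], "big") % 10**length).zfill(length)

def login_code(key: bytes, counter: int) -> str:
    """Changing token PIN: depends on token state only, not on any payment."""
    return short_code(key, b"login|" + str(counter).encode())

def transaction_code(key: bytes, challenge: bytes, payee: str, cents: int) -> str:
    """Code bound to the payee and amount the user confirmed on the token."""
    fields = [b"txn", challenge, payee.encode(), str(cents).encode()]
    return short_code(key, b"|".join(fields))

def bank_accepts_login(key: bytes, counter: int, code: str) -> bool:
    return hmac.compare_digest(login_code(key, counter), code)

def bank_accepts_transaction(key, challenge, payee, cents, code) -> bool:
    # The bank recomputes the code over the payment it actually received.
    expected = transaction_code(key, challenge, payee, cents)
    return hmac.compare_digest(expected, code)

def simulate(key: bytes = bytes(range(32)), challenge: bytes = b"\x01" * 8):
    """Constructed scenario: a code is relayed through an intermediary site."""
    counter = 41
    intended = ("EXAMPLE-PAYEE-A", 25_00)       # what the user approved
    received = ("EXAMPLE-PAYEE-B", 9_500_00)    # what reached the bank instead

    # Login-only PIN: valid wherever it is replayed, whatever payment follows.
    pin = login_code(key, counter)
    login_relay = bank_accepts_login(key, counter, pin)

    # Transaction code: computed over the details shown on the token display.
    code = transaction_code(key, challenge, *intended)
    honest = bank_accepts_transaction(key, challenge, *intended, code)
    altered = bank_accepts_transaction(key, challenge, *received, code)
    return {
        "login_pin_relay_accepted": login_relay,
        "intended_payment_accepted": honest,
        "altered_payment_accepted": altered,
    }

if __name__ == "__main__":
    for check, result in simulate().items():
        print(f"{check}: {result}")
```

The binding only helps if the user reads the payee and amount on a display the intermediary cannot control, such as the token itself.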
