Main Menu

Login



Support Virus.Org

Help support Virus.Org by donating.
Donating allows us to keep this site free and pay the running costs of all our services.
Citibank Phishers Spoof Two-Factor Auth Protected Site PDF Print E-mail
Written by Editor   
Thursday, 13 July 2006 11:37
One of the means used to provide protection from authentication based attacks has long been the fabled two-factor authentication. This means that the second factor being something the user has in their physical possession like an access card. In what is believed to be the first attack of its kinda phishers have targeted Citibank Business customers in an phishing attack using a man in the middle attack to circumvent the token that Citibank provide their customers. The scam email directed at the Citibank customer as usual asks the customer to visit a website to confirm his or her account information as some imaginary suspect has attempted to log into your account and failed. Pretty standard stuff so far, if the customer visits the site, they are delivered to a site that looks just like the original Citibusiness login page, complete with a long URL that ends in Citibank.com, alas however the site is hosted in Russia.

The site asks for the customers username, password and the value from the token the customer has from Citibank. The site then performs a request to real Citibank systems using your information as part a man in the middle attack. If the Citibank site generates an error, this is passed to the user, therefore if the savvy attempt to enter bogus information as a test this is reflected with a real error being returned to the user.

Although the site was active in the last week and the weekend it has since been closed down. But this certainly goes to show that the phishers are developing ways to attack sites that are using systems that are considered good practice to ensure the security of a customers account.

Add this page to your favorite Social Bookmarking websites
Digg! Reddit! Del.icio.us! Google! Live! Facebook! Technorati! StumbleUpon! Yahoo!
Last Updated ( Thursday, 14 September 2006 22:03 )