Wave Systems Corp. (fka WAVXQ)

[dude_danny]

O.T. Fraudsters fool ABN Amro customers
Two-factor security breach...

By Julian Goldsmith
http://software.silicon.com/security/0,39024655,39166823,00.htm
Published: Friday 20 April 2007

Customers of Dutch bank ABN Amro have been fooled by a phishing scam into revealing their passwords. According to reports, four of the bank's customers had an undisclosed amount of money stolen from their accounts, even though they were protected by a two-factor authentication system.

The system involves tokens and passwords that generate constantly changing codes as a secure method of identification. Fraudsters sent customers an email attachment which, when opened, covertly installed code on the user's machine.


When customers tried to log on to their ABN Amro accounts they were redirected to a duplicate site controlled by the thieves, who were then able to use customers' account details and withdraw money through the bank's real site.

The bank has compensated the affected customers and warned customers not to open attachments from people they do not know.


Cheat Sheets

♦ Basel II
♦ MiFID
♦ Sarbanes-Oxley

A spokesman for ABN Amro said the bank took the issue seriously and would be taking steps to improve technological security to foil hackers in the future.

Two-factor security, while generally more secure than passwords alone, is inherently vulnerable to this sort of 'man in the middle' attack, industry commentators have said.