[e-gold-list] Re: via digg: Citibank Phish Spoofs 2-Factor
Authentication
James A. Donald
jamesd at echeque.com
Tue Jul 11 16:00:01 MDT 2006
--
jrw at e-gold.com wrote:
> "Phishers have now started phishing for the two-factor
> token ID from victims. The most interesting part is
> that these tokens only give you one minute to log in
> to the bank until that key will expire. The phishers
> employ a man-in-the-middle attack against the victim
> and Citibank to log in via php and conduct money
> transfers immediately..."
>
> story:
>
http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
So long as logins are registered and performed in a web
page, rather than in the chrome, we are hosed.
Creating a login, and logging into it, has to be a
browser and email client function, not a web page
function.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
ICjNCzaL2zy32IqfC69LBwPD0UCLDW5erXpLS/ui
4w1i7U+3O8Xd4DCWDSazX8K3DqhlNhRBqA6DMTqEn
---
You are currently subscribed to e-gold-list as: e-gold-list at kobly.com
To unsubscribe send a blank email to leave-e-gold-list-512001C at talk.e-gold.com
Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
More information about the E-gold-list
mailing list