A bit of bad news arrives just as the business papers report that Barclays PLC will acquire ABN for $91 billion (USD).

A two-factor authentication system operated by Dutch bank ABN Amro has been compromised and money stolen from four customers who fell victim to a phishing scam.

The man-in-the-middle attack occurred after the customers opened an email with an attachment purporting to be from the bank, downloading malware onto their machines. When they next tried to visit the bank’s website, their browser was redirected to a fake site, allowing the attackers to overcome ABN Amro’s two-factor authentication system by piggy-backing on a legitimate log-in.

Yet another reason to be vigilant with your email.

“Barclays PLC announced its $91-billion (U.S.) offer for ABN Amro Holding NV, a deal that would create a mammoth bank with 47 million customers.”

That’s a helluva lot of potential victims. Hopefully with all of that money sloshing around someone can float the poor buggers in IT Security a few bones to repair the security problems.

Article Link


Comments

  1. “Hopefully with all of that money sloshing around someone can float the poor buggers in IT Security a few bones to repair the security problems.”

    Interestingly enough, the authentication method compromised at ABN AMRO was disconnected smartcard readers, guess what Barclays is rolling out to their UK customers this year? – yes, correct… disconnected smartcard readers…

    Deploying readers to all their customers (in the UK) is definitely not cheap and shows that budget alone isn’t always an issue….

    We have blogged on the incident earlier this month:
    http://blog.cronto.com/index.php?title=transaction_verification_can_protect_aga

  2. @ Igor

    Thanks, I was unaware of that rollout.

    @All

    You know, I could gripe all day about internet banking but, I think a better approach would be…what works? I have worked for a couple banks in the past and I know the challenges and stress that these guys face. I wonder…what is a good solution? It’s far too easy to cast aspersions on the security that various banks have in place (I should know, I’m perfectly guilty of that).

    Anyone have any thoughts they would like to share that would be a positive improvement?

    Thanks for your comments Igor. I appreciate it.

    cheers
