You are here: silicon.com > Software > Security Strategy

Security Strategy

Fraudsters fool ABN Amro customers

Two-factor security breach...

Tags: fraudsters, abn amro

By Julian Goldsmith

Published: 20 April 2007 12:54 GMT

Customers of Dutch bank ABN Amro have been fooled by a phishing scam into revealing their passwords. According to reports, four of the bank's customers had an undisclosed amount of money stolen from their accounts, even though they were protected by a two-factor authentication system.

The system involves tokens and passwords that generate constantly changing codes as a secure method of identification. Fraudsters sent customers an email attachment which, when opened, covertly installed code on the user's machine.

silicon.com Financial Services

Get the latest financial services news straight to your inbox. Sign up for the FS newsletter today!

When customers tried to log on to their ABN Amro accounts they were redirected to a duplicate site controlled by the thieves, who were then able to use customers' account details and withdraw money through the bank's real site.

The bank has compensated the affected customers and warned customers not to open attachments from people they do not know.

Cheat Sheets

♦ Basel II
♦ MiFID
♦ Sarbanes-Oxley

A spokesman for ABN Amro said the bank took the issue seriously and would be taking steps to improve technological security to foil hackers in the future.

Two-factor security, while generally more secure than passwords alone, is inherently vulnerable to this sort of 'man in the middle' attack, industry commentators have said.

  1. Zones
  2. Management
  3. Networks
  4. Software
  5. IT Services
  6. Hardware
  1. Verticals
  2. Public Sector
  3. Financial Services
  4. Retail & Leisure

Bob Tarzey Why you must rein in your power users When they do damage, it can be catastrophic to your business

Jon Collins Is losing a mobile device really such a big deal? How to minimise the damage to your business


  • Jobs
Senior Design Engineer

Employment Agencies Act, proof of identification will be required. Control; SOPs; As built drawings etc) To produce and review method statements, ...

Lead Fatigue and Damage Tolerance Engineer - F&DT

In compliance with the regulations in place under the Employment Agencies Act, proof of identification will be required. Proven experience as a ...

Database Admin DB2 Mainframe

These services include providing support of the Operating System configuration and associated file systems, log files, processes, problem ...

Agenda Setters 2009
Welcome to the ninth annual Agenda Setters poll – silicon.com's list of the top 50 most influential individuals in the technology and IT industries, from techies and CIOs to entrepreneurs and business leaders. Find out more in our latest special report.





Quick Sitemap Links: