By Antony Savvas
3 April 2007
ABN Amro has compensated four customers who lost cash when hackers stole
money from their accounts using a malware phishing technique.
The hackers overcame the banks two-factor authentication system by first
sending the victims an e-mail containing an attachment.
The banks customers opened the attachment which installed malware on
their machines. This malware changed the customers browser settings, so
when they tried to visit the ABN Amro site they were instead directed to
a spoof copy of the site.
They were then asked to log in in the usual way, along with a temporary
password supplied by their security token.
This information was then collected by the hackers to simultaneously log
into the real ABN Amro site to withdraw money from their accounts.
ABN is using the fraud to try and educate its customers about the threat
to their online accounts.
It has said users should not open e-mails from people they dont know,
and to use a personal firewall along with anti-virus software.
The amount stolen from the ABN customer accounts has not been disclosed.
Subscribe to InfoSec News