28 November 2014

ABN Amro compensates victims of 'man-in-the-middle' attack

02 April 2007  |  22007 views  |  0 caution!

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank's two-factor authentication. After the attack, ABN Amro removed an 'urgent payment' option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety.

The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site.

The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customer's own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudelent transactions using the bank's urgent payment feature.

ABN Amro has issued its customers with two-factor authentication tokens for several years. But the man-in-the middle attack gets around this security measure by passing the ever-changing part of the password from the token to the bank along with the never-changing part - essentially piggybacking on a legitimate log-in.

Johan van Hall, executive board member, ABN Amro Netherlands, says, "We take this incident very seriously and plan to take further action to educate our customers. If the user sticks to the rules, Internet banking is a very safe, fast and easy way to bank."

ABN Amro's five rules are:
1- Check the lock symbol in the browser and the ABN AMRO certificate
2- Always check your payments instructions
3- Never open e-mails from someone you don't know
4- Only install software from trusted sources
5- Protect your PC with a virus-scanner and a firewall.

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board, sign up now.

Related stories

22 January, 2007
11 January, 2007
14 December, 2006
01 December, 2006
23 November, 2006
10 November, 2006
22 September, 2006
13 September, 2006
11 September, 2006
05 September, 2006
20 July, 2006
20 December, 2005
16 December, 2005

Related company news

 

Related company information

ABN Amro

Featured job

Basic £130-140K OTE £250K (no ceiling)
London based and across EMEA

Find your next job