01 December 2015

ABN Amro compensates victims of 'man-in-the-middle' attack

02 April 2007

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank's two-factor authentication. After the attack, ABN Amro removed an 'urgent payment' option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety.

The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site.

The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customers' own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudulent transactions using the bank's urgent payment feature.

ABN Amro has issued its customers with two-factor authentication tokens for several years. But the man-in-the-middle attack gets around this security measure by passing the ever-changing part of the password from the token to the bank along with the never-changing part - essentially piggybacking on a legitimate log-in.
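Why a forwarded token code still verifies can be modelled in a few lines. This is an added example, not code from the article or from ABN Amro: the HMAC-based token scheme, the `Bank` class, the secrets and the account labels are constructed assumptions. The second half goes beyond the article by contrasting a log-in code with a code computed over the payment details.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-token-secret"   # constructed sample value
PASSWORD = "constructed-static-password"    # the "never-changing part"

def token_code(secret: bytes, counter: int, context: bytes = b"") -> str:
    """6-digit code: HMAC-SHA256 over a counter plus optional payment details."""
    mac = hmac.new(secret, counter.to_bytes(8, "big") + context, hashlib.sha256)
    return f"{int.from_bytes(mac.digest()[:4], 'big') % 1_000_000:06d}"

class Bank:
    """Hypothetical verifier; the counter advances after each accepted code."""
    def __init__(self, secret: bytes):
        self.secret, self.counter = secret, 0

    def _accept(self, code: str, context: bytes = b"") -> bool:
        ok = hmac.compare_digest(code, token_code(self.secret, self.counter, context))
        self.counter += ok
        return ok

    def verify_login(self, password: str, code: str) -> bool:
        return hmac.compare_digest(password, PASSWORD) and self._accept(code)

    def verify_payment(self, payee: str, amount: str, code: str) -> bool:
        return self._accept(code, f"{payee}|{amount}".encode())

def demo() -> dict:
    bank = Bank(SECRET)
    # The customer types password + code into a page that forwards both unchanged.
    code = token_code(SECRET, bank.counter)
    forwarded_login = bank.verify_login(PASSWORD, code)   # bank sees valid values
    reused_later = bank.verify_login(PASSWORD, code)      # one-time-ness still holds
    # Contrast: a code computed over the payment the customer actually approved.
    approval = token_code(SECRET, bank.counter, b"ACCT-CONSTRUCTED-A|750.00")
    altered = bank.verify_payment("ACCT-CONSTRUCTED-B", "750.00", approval)
    intended = bank.verify_payment("ACCT-CONSTRUCTED-A", "750.00", approval)
    return {"forwarded_login": forwarded_login, "reused_later": reused_later,
            "altered_payment": altered, "intended_payment": intended}

if __name__ == "__main__":
    print(demo())
```

The log-in code proves only that a valid token produced it at that moment, not who submitted it or what the session will be used for, which is why checking each payment instruction matters.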

Johan van Hall, executive board member, ABN Amro Netherlands, says, "We take this incident very seriously and plan to take further action to educate our customers. If the user sticks to the rules, Internet banking is a very safe, fast and easy way to bank."

ABN Amro's five rules are:
1- Check the lock symbol in the browser and the ABN AMRO certificate
2- Always check your payments instructions
3- Never open e-mails from someone you don't know
4- Only install software from trusted sources
5- Protect your PC with a virus-scanner and a firewall.
