29 July 2016

ABN Amro compensates victims of 'man-in-the-middle' attack

02 April 2007

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank's two-factor authentication. After the attack, ABN Amro removed an 'urgent payment' option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety.

The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site.

The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customers' own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudulent transactions using the bank's urgent payment feature.

ABN Amro has issued its customers with two-factor authentication tokens for several years. But the man-in-the-middle attack gets around this security measure by passing the ever-changing part of the password from the token to the bank along with the never-changing part - essentially piggybacking on a legitimate log-in.
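The sketch below is an added example, not code from the article or from ABN Amro. It models why a one-time code forwarded unchanged still verifies at login, and goes beyond the article by contrasting it with a code bound to the payee and amount. The HOTP-style code computation, the secret, the password and the payee names are all assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import struct

# Constructed demo values; the article does not say how ABN Amro's tokens compute codes.
TOKEN_SECRET = b"constructed-demo-secret"
STORED_PASSWORD = "constructed-password"


def token_code(counter: int, context: bytes = b"") -> str:
    """Six-digit one-time code (HOTP-style truncation), optionally bound to context."""
    mac = hmac.new(TOKEN_SECRET, struct.pack(">Q", counter) + context, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


def bank_accepts_login(password: str, code: str, counter: int) -> bool:
    """Login check: the code proves only that the token holder produced it just now."""
    return (hmac.compare_digest(password, STORED_PASSWORD)
            and hmac.compare_digest(code, token_code(counter)))


def bank_accepts_payment(payee: str, cents: int, code: str, counter: int) -> bool:
    """Payment check: the code must match the payee and amount the bank received."""
    return hmac.compare_digest(code, token_code(counter, f"{payee}|{cents}".encode()))


def relayed_login_accepted() -> bool:
    """Credentials typed into a look-alike site and forwarded unchanged still verify."""
    typed = {"password": STORED_PASSWORD, "code": token_code(counter=1)}
    forwarded = dict(typed)  # the intermediary changes nothing, so the bank sees valid input
    return bank_accepts_login(forwarded["password"], forwarded["code"], counter=1)


def payment_accepted(approved_payee: str, received_payee: str, cents: int) -> bool:
    """The customer approves one payee on the token; the bank may receive another."""
    code = token_code(2, f"{approved_payee}|{cents}".encode())
    return bank_accepts_payment(received_payee, cents, code, counter=2)


if __name__ == "__main__":
    print("relayed login accepted:", relayed_login_accepted())
    print("unchanged payment accepted:", payment_accepted("landlord", "landlord", 85000))
    print("altered payee accepted:", payment_accepted("landlord", "other-account", 85000))
```

The login code carries no information about which site or session it was typed into, so the bank cannot tell a forwarded code from a direct one; the payment code fails as soon as the details the bank receives differ from those the customer approved.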

Johan van Hall, executive board member, ABN Amro Netherlands, says, "We take this incident very seriously and plan to take further action to educate our customers. If the user sticks to the rules, Internet banking is a very safe, fast and easy way to bank."

ABN Amro's five rules are:
1- Check the lock symbol in the browser and the ABN AMRO certificate
2- Always check your payments instructions
3- Never open e-mails from someone you don't know
4- Only install software from trusted sources
5- Protect your PC with a virus-scanner and a firewall.
