
ABN Amro compensates victims of 'man-in-the-middle' attack

02 April 2007

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank's two-factor authentication. After the attack, ABN Amro removed an 'urgent payment' option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety.

The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so that when they went to open the real ABN Amro online banking site, they were instead redirected to a spoof site.

The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customers' own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudulent transactions using the bank's urgent payment feature.

ABN Amro has issued its customers with two-factor authentication tokens for several years. But the man-in-the-middle attack gets around this security measure by passing the ever-changing part of the password from the token to the bank along with the never-changing part - essentially piggybacking on a legitimate log-in.

Johan van Hall, executive board member, ABN Amro Netherlands, says, "We take this incident very seriously and plan to take further action to educate our customers. If the user sticks to the rules, Internet banking is a very safe, fast and easy way to bank."

ABN Amro's five rules are:
1- Check the lock symbol in the browser and the ABN AMRO certificate
2- Always check your payments instructions
3- Never open e-mails from someone you don't know
4- Only install software from trusted sources
5- Protect your PC with a virus-scanner and a firewall.
