29 August 2016

ABN Amro compensates victims of 'man-in-the-middle' attack

02 April 2007  |  22752 views  |  0 comments

Four ABN Amro customers activated a virus allowing a man-in-the-middle attack that overcame the bank's two-factor authentication. After the attack, ABN Amro removed an 'urgent payment' option from its Web site as a precaution, compensated the customers and launched a campaign to remind users about internet banking safety.

The bank says that its customers opened an email attachment that resulted in a virus being executed on their machines. This virus changed their browsers' behaviour so when they went to open the real ABN Amro online banking site, they were instead re-directed to a spoof site.

The customers then typed in their passwords, which the attacker in turn used to access the bank's real Web site. The customers' own transactions were passed along to the real site, so they didn't notice anything wrong right away, while the attacker simultaneously made their own fraudulent transactions using the bank's urgent payment feature.

ABN Amro has issued its customers with two-factor authentication tokens for several years. But the man-in-the-middle attack gets around this security measure by passing the ever-changing part of the password from the token to the bank along with the never-changing part - essentially piggybacking on a legitimate log-in.

Johan van Hall, executive board member, ABN Amro Netherlands, says, "We take this incident very seriously and plan to take further action to educate our customers. If the user sticks to the rules, Internet banking is a very safe, fast and easy way to bank."

ABN Amro's five rules are:
1- Check the lock symbol in the browser and the ABN AMRO certificate
2- Always check your payments instructions
3- Never open e-mails from someone you don't know
4- Only install software from trusted sources
5- Protect your PC with a virus-scanner and a firewall.
