"I definitely think it's the start of something," Gartner analyst Avivah Litan said this morning. "I think it's going to escalate now."
First discovered by internet security firm Secure Science Corp. and reported by expert Brian Krebs in his blog in The Washington Post, the clever attack is among the first of its kind.
Scammers sent an email to users saying they needed to update their Citibank account information, the Post reported. Clicking on the supplied link redirected them to a site that appeared identical to the Citibusiness login page.
The spoofed URL communicates with the real site, inserting itself between the user and Citibank server, Litan said.
"The site asks for your username and password, as well as the token-generated key," Krebs wrote. "If you visit the site and enter bogus information to test whether the site is legit – a tactic used by some security-savvy people – you might be fooled. That's because the site acts as the 'man in the middle' – it submits data provided by the user to the actual Citibusiness login site. If that data generates an error, so does the phishing site, thus making it look more real."
Litan said banks must take this new "next-generation" threat seriously, even though relatively few such attacks have been seen so far. However, as Litan notes, when email phishing schemes began to take off several years back, Citibank was one of the early targets.
She recommends banks deploy fraud detection programs and controls that continuously authenticate users. Too much emphasis, she said, is placed on the initial login.
"If (Citibank) had that in place, they would have picked (the attack) up because they would have seen traffic coming in from another IP address or another server," Litan said.
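As an added illustration of the post-login monitoring Litan describes (this is example code, not anything from the article, Citibank or Gartner), the script below runs two simple heuristics over a constructed authentication log: one flags a single source address that logs in to many different accounts in a short window, which is what a relay proxy looks like from the bank's side, and the other flags logins from an address the account has never used before. The log format, account names and IP addresses are all invented for the example.

```python
# Added example, not from the article: heuristics over a constructed auth log
# for the relay pattern described above. The phishing proxy submits each
# victim's credentials itself, so the bank sees the proxy's address instead
# of the customer's usual one, and many accounts funnel through one address.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: timestamp, account, source IP, event
SAMPLE_LOG = """\
2006-07-10T08:00:00 acct-1001 203.0.113.10 login_ok
2006-07-10T08:30:00 acct-2002 192.0.2.44 login_ok
2006-07-10T09:01:10 acct-1001 198.51.100.7 login_ok
2006-07-10T09:01:20 acct-2002 198.51.100.7 login_ok
2006-07-10T09:01:45 acct-3003 198.51.100.7 login_ok
2006-07-10T09:02:00 acct-4004 198.51.100.7 login_ok
"""

def parse(log):
    """Parse the whitespace-separated constructed format into tuples."""
    rows = []
    for line in log.splitlines():
        ts, acct, ip, event = line.split()
        rows.append((datetime.fromisoformat(ts), acct, ip, event))
    return rows

def shared_login_sources(rows, window=timedelta(minutes=5), min_accounts=3):
    """Map IP -> accounts for any IP that logs in to >= min_accounts
    distinct accounts within `window` (a proxy relaying many victims)."""
    logins = defaultdict(list)
    for ts, acct, ip, event in rows:
        if event == "login_ok":
            logins[ip].append((ts, acct))
    flagged = {}
    for ip, entries in logins.items():
        entries.sort()
        for i, (start, _) in enumerate(entries):
            accts = {a for t, a in entries[i:] if t - start <= window}
            if len(accts) >= min_accounts:
                flagged[ip] = accts
                break
    return flagged

def unfamiliar_logins(rows):
    """Return (account, ip) pairs where an account with prior login history
    logs in from an address it has not used before."""
    seen = defaultdict(set)
    flagged = set()
    for ts, acct, ip, event in rows:
        if event != "login_ok":
            continue
        if seen[acct] and ip not in seen[acct]:
            flagged.add((acct, ip))
        seen[acct].add(ip)
    return flagged
```

Neither check proves fraud on its own: a corporate NAT gateway also logs many accounts in from one address, so in practice these signals feed a risk score that triggers step-up verification rather than an outright block.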