Phisher’s getting sneakier
The SecurityFix reports on this clever two-factor authentication phishing attempt. They were looking for Citibank Business customers and in addition to username password information they were looking to verify a supplied token. The bottom line is that phishers will look to find any way possible to social engineer you out of your information credentials, whether they’re one-factor, two-factor or three factor, etc….. It appears as though it was a well done phish with a few exceptions and that it even checked some credentials by the citicard site giving an error message if you entered invalid login info.
For things like this, I really think phising toolbars can be a great help. I like Netcraft’s toolbar. Of course, the best defence is awareness and caution. (Likely those that are aware of the phishing scams and cautious about entering login data on just any site are more likely to have an anti-phishing toolbar….)