Subscribe to web2feel.com
Subscribe to web2feel.com

All Top Banking

Posted by John B. Frank Thursday, April 30, 2009

- Banking / Finance News
Source: spamfighter
Complete item: http://www.spamfighter.com/News-12275-New-Phishing-Scam-Selects-First-Dakota-National-Bank-for-Target.htm

Description:
U.S. based First Dakota National Bank released a news item in the media last week alerting customers of a phishing e-mail that spoofs the Bank's name.

The scam e-mail claims that there is a new message for the recipient from the bank...to read it she/he must log into her/his online account with First Dakota and go to the Message Center Section.  In an e-mail that reads: "First Dakota National Bank Online Banking," the recipient is asked to follow a given link.

But when the user clicks the link, she/he is directed to an Internet site that informs the user that the bank has restricted her/his online banking account. The site then asks for personal information like name, zip code, e-mail address and banking details like debit card number.

Editor's Note:  Well, simpy put, these guys are "rookies". 

The "veteran's" would have you click a link that takes you to a cloned replica of the bank's original website.  

The "professionals" would not even bother phishing, they would simply perform DNS Hijacking to a perfectly cloned site...when user's logged onto their online banking website, the pro's would be able to obtain username's and passwords.  The pro's would then go to the the genuine site and have complete access to the account.


That is why bank's need our PCI 2.0 PIN Entry Device for secure log-in.  They issue the card, they issue the PIN, so why the Username/Passe'word?  Swipe the card, enter the PIN.  You can't do it if you don't have the card and you can't do it if you don't have the PIN.  That's what 2FA is all about.   HomeATM's SafeTPIN is capable of stopping the professionals and the veteran's.  The rookies might still get away with the occassional phishing attack, but never if consumers were instructed by their banks to always be SwipePIN. 

As I've been prone to say in the past.  It's inevitable that someone will be SwipePIN cardholder data...shouldn't it be the cardholder?




Related articles
Reblog this post [with Zemanta]

edit post

0 comments

Post a Comment

Powered by Blogger.

Blog Archive

Search This Blog

Our Manufacturing Facility

Our Manufacturing Facility

Learn More About Us

Find out how our patented technology can empower your financial institution.

Our secure two-factor online banking authentication eliminates dangerous passwords and usernames and replicates the same trusted process used to access cash at ATM's. (Insert Bank Issued Card, Enter Bank Issued PIN)

There is an R.O.I. as FI's also earn recurring revenue from each transaction conducted using our PCI 2.0 Certified PIN Entry Device. Our technology also provides a unique real-time P2P "Instant-Transfer" which allows your online banking customer to transfer cash from ANY of their bankcards to ANY other bankcard...with the Swipe of a card.

Help your bank eliminate phishing and your customers avoid identity theft by providing them with the ability to stop typing and start swiping. There is no safer way to conduct financial transactions online than by 3DES DUKPT encrypting the cardholder details, which we do at the mag-head "inside the box/outside the browser."

Total Pageviews

SLIM for PC or SmartPhone

SLIM for PC or SmartPhone
Click to Inquire

Chip and PIN eCommerce and Mobile

Chip and PIN eCommerce and Mobile
Click to Inquire

Kapersky Calls for Mass Adoption of Card Readers

Kapersky Calls for Mass Adoption of Card Readers

Translate This Blog

BobCaps

BobCaps

Search ePayment News (example: NFC)

About Me

My photo
Named one of the best Payment Industry News Blogs 4 Years Running

Feedjit

My Zimbio