WARNING: This blog entry was imported from my old blog on blogs.sun.com (which used different blogging software), so formatting and links may not be correct.
The problem with password entry pads is this:
Gee, do you think my password has any 2's in it? How about 9's?
I've had my digital token card for nearly ten years now. Amazingly, I've never had to change the battery. Anyway, while having token cards is an important part of security, this Slashdot story shows that even these schemes are becoming targets for phishing scams.
"The phishers employ a man-in-the-middle attack against the victim and Citibank to log in via php and conduct money transfers immediately when logged in."
The scary part of this is that there's no need for human interception on the part of the phisher (I'm no phishing expert, so this might very well be the norm). It's just a script, meaning one single person can cause a lot of damage.
Still, I haven't received one single phishing message that hasn't looked suspicious in some way. Checking the URL to the site is the best way to be sure.