Real-time phishing reportedly renders two-factor authentication and one-time passwords useless

News by SC Staff

Real-time attacks and man-in-the-middle techniques are being used to bypass two-factor authentication (2FA) technology.

Research by Trusteer found that in a real-time phishing attack, the user enters details onto a phishing website which captures the banking credentials and authentication information. The stolen credentials are then immediately used to open a session on the real bank website to commit a fraud.

Trusteer said that phishing attacks to date have been completely static: traditionally the victim reaches a phishing website and submits their login credentials, which are then stored for later use by cyber criminals. The introduction of strong two-factor authentication systems, especially one-time passwords, rendered these attacks useless, as fraudsters could not use static stolen credentials to commit fraud.

One-time passwords (OTPs) are limited in time, so even if fraudsters manage to capture OTP data, there is only a small window in which it can be used. However, Trusteer claimed that cyber criminals have not given up.
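The time-window point can be seen from the verifying server's side. The following is an added example, not from Trusteer or the original article: a minimal RFC 6238 time-based OTP check using the RFC's published test secret and timestamps, with `OtpVerifier` and `demo` as illustrative names. It shows that the check depends only on the code and the clock, so a stored code fails later while the same code arriving within the window passes whoever submits it first.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
RFC_SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real key

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class OtpVerifier:
    """Server-side check: code must match the current step and be unused."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.used_steps = set()

    def verify(self, code: str, now: int) -> bool:
        step = now // STEP
        if step in self.used_steps:
            return False  # single use: a second submission in this step fails
        if not hmac.compare_digest(code, totp(self.secret, now)):
            return False  # wrong code, or a code from an expired step
        self.used_steps.add(step)
        return True

def demo():
    t0 = 1111111111  # RFC 6238 test timestamp, one second into its step
    code = totp(RFC_SECRET, t0)  # what the user reads off their token

    # Static capture: the code is stored and submitted long afterwards.
    stored = OtpVerifier(RFC_SECRET)
    static_result = stored.verify(code, 1234567890)

    # Real-time case: the same code reaches the server five seconds later.
    # Nothing in the check identifies which client is submitting it.
    live = OtpVerifier(RFC_SECRET)
    first_submission = live.verify(code, t0 + 5)
    second_submission = live.verify(code, t0 + 10)  # any later use of that code
    return static_result, first_submission, second_submission

if __name__ == "__main__":
    print(demo())
```

The single-use rule only rejects the second submission; it cannot tell whether the first one came from the account holder.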

Mickey Boodaei, CEO of Trusteer, said: “Recently we have noticed an increase of a type of attack called man-in-the-middle phishing, or real-time phishing. The concept is not a new one and is well known in the security world; however, up until now, we have not seen too many attacks like this. The recent escalation of websites now experiencing this type of attack is a cause for immediate concern.

“With real-time phishing, OTPs are becoming useless. There is no update or improvement to OTP that can defeat real-time phishing. The best form of defence is to implement dynamic layers of security, including browsing security, that can adapt to and block new threats.”

