Sections

Personal tools

You are here: Home → wikidblog → When phishing and stolen customer database information combine

Recent entries: The Express Scripts Bounty admin Nov 14, 2008; Citrix on the need for two-factor authentication admin Nov 12, 2008; PCI expanding to Europe admin Nov 11, 2008; Embedding WiKID two-factor authentication in your Web application admin Nov 06, 2008; 50 Must-Have Open Source Tools for Security admin Oct 30, 2008

Recent comments: Re:Running the WiKID Two-factor authentication server on Ubuntu remix_tj Nov 16, 2008; Re:Embedding WiKID two-factor authentication in your Web application admin Nov 11, 2008; Re:Open source momentum and spending during the recession admin Nov 01, 2008; MTM vulnerable Kris Puri Oct 31, 2008; Re:Running the WiKID Two-factor authentication server on Ubuntu nowen Sep 26, 2008

2006/09/14

When phishing and stolen customer database information combine

Check out this phish email from Virus List

We fully appreciated not only the expert social engineering and well-written text, but also the fact that the phisher included not only the email of the intended victim, but also the postal address.

While the analyst points out that users should never click on an email from a bank, I think it also points out the need for mutual authentication.

Further, I think that the way WiKID handles mutual authentication is much better than other solutions - beyond just the fact that WiKID uses a cryptographically secure approach. When a users get a WiKID one-time passcode, their default browser is automatically launched to the correct website and the SSL certificate is validated for them. This approach is far more reliable from a user-experience than relying on the user to recognize a change in the website or chrome. (IMHO).