30% of attacks against websites that use two-factor authentication are now utilizing real-time man-in-the-middle techniques to bypass this trusted security mechanism, according to Trusteer. These findings are based on monitoring of thousands of phishing attacks.

According to Mickey Boodaei, Trusteer's CEO, in a real-time phishing attack the user enters details onto a phishing website, which captures the banking credentials and authentication information. The stolen credentials are then immediately used to open a session on the real bank website to commit fraud.

Authentication information typically captured and used by criminals in real-time phishing includes one-time passwords (OTP), tokens, SMS authentication, and cards and readers, rendering them ineffective against this type of attack.

More: http://www.net-security.org/secworld.php?id=10136