Man-in-the-Middle Phishing

Sounds like some kind of weird casting technique, doesn't it? Actually it is, in the realm of scammers trying to access your bank accounts. Phishing involves a scammer sending the target an email that looks like it came from their bank. It links to a fake copy of the bank's website and records the details that people enter. Usually it then displays an error and forwards the user to the real site.

Now, according to this report, they are getting more sophisticated. Some banks now require two-factor authentication: instead of only a username and password, you also need a security token whose code changes every minute. Many use the RSA SecurID system, which generates a new code every 60 seconds. Instead of storing the target's information for later use, the scammer now has only one minute to use it to access the account. So they open a connection to the bank and relay success or failure to the user in real time. This is commonly called a man-in-the-middle attack: the target really is communicating with his bank, but someone in the middle is listening in and passing the messages along in each direction.
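To make the timing constraint concrete, here is an added example (not from the original post) that models the bank's side of a time-based token check. It assumes a generic HMAC-based code with a 60-second step, which is an assumption for illustration; it is not RSA SecurID's actual algorithm, and the secret and timestamps are constructed.

```python
import hashlib
import hmac
import struct

# Constructed demo values: the shared secret and a 60-second step are assumptions.
STEP_SECONDS = 60
SECRET = b"constructed-demo-secret"


def token_at(secret: bytes, now: int, step: int = STEP_SECONDS) -> str:
    """Derive the 6-digit code for the time step that contains `now`."""
    counter = now // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 1_000_000:06d}"


def bank_accepts(secret: bytes, code: str, now: int,
                 skew_steps: int = 0, step: int = STEP_SECONDS) -> bool:
    """Verifier side: accept the current step's code, plus `skew_steps`
    neighbouring steps if the bank tolerates clock drift."""
    for delta in range(-skew_steps, skew_steps + 1):
        expected = token_at(secret, now + delta * step, step)
        if hmac.compare_digest(expected, code):
            return True
    return False


def replay_outcomes(secret: bytes, captured_at: int) -> dict:
    """What happens to a code captured at `captured_at` (a step boundary)
    when it is presented to the bank at various later times."""
    captured = token_at(secret, captured_at)
    return {
        # Relayed in real time: still inside the 60-second step, accepted.
        "relayed_within_window": bank_accepts(secret, captured, captured_at + 59),
        # Presented one step later by a strict verifier: rejected.
        "next_step_strict": bank_accepts(secret, captured, captured_at + 60),
        # The same, but the bank tolerates one step of drift: the window
        # an attacker has is wider than the nominal 60 seconds.
        "next_step_with_skew": bank_accepts(secret, captured, captured_at + 60, skew_steps=1),
        # Stored and used an hour later, as older phishing kits did: rejected.
        "used_an_hour_later": bank_accepts(secret, captured, captured_at + 3600, skew_steps=1),
    }


if __name__ == "__main__":
    print(replay_outcomes(SECRET, 600_000))
```

The drift-tolerance case is the caveat worth noting: a verifier that accepts adjacent steps hands a real-time relay up to two or three minutes, not one.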

Be paranoid, it's a nasty world out there.
