ssgumby - 5:24 pm on Jan 18, 2007 (gmt 0)

Am I missing something? How could a anyone pull off a phishing scam against a institution that uses key fobs?

Scenario

1. I get an email from scammer asking me for login details due to my account being jeopardized.

2. I begin to reply and fill in my personal code and then look at my FOB and enter the given code.

3. I send the email

4. Scammer gets info and immediately logs in to begin damage

Is there anyway all this is done within 5 - 10 seconds before the fobs value changed?

I think this is a great idea and should make a immediate and huge impact against phishers!