Criminals have found a way around the token-based authentication systems that have been adopted by some banks. At least 35 phishing Web sites using the attack have been discovered. They attempt to trick users into divulging the temporary passwords created by security token devices.
Bruce Schneier predicted the rise of such attacks last year.