Citibank business customers have been targeted by a ‘man-in-the-middle’ phishing attack, in which a spoof Web address is used to circumvent the bank’s two-factor authentication protection by intercepting confidential user credentials as they are passed online. The phishing e-mail, identified in the wild by Secure Science Corp, encourages users to update their account information at a fake Citibusiness log-in site. Full Story