Digg has a discussion about recent attack against Citibank where phishers successfully defeated security based on RSA token authentication.
Here is what Register writes about this attack:
“Banks in the Netherlands and Scandinavia have used two-factor authentication for years, and the technology is widely credited with helping to make account fraud more difficult. But the Citibank attack shows the growing sophistication of fraudsters, and undermines any notion that this approach delivers complete protection”.
The solution is simple—1Passwd and similar utilities are very effective against phishing attacks. They protect against keyloggers as well.