Enlisting Users in the Battle Against Fake Emails

By Jim Bruene on December 1, 2003 12:19 PM

No Phishing

In previous reports we’ve discussed long-term strategies to improve security and prevent unauthorized account access from ID thieves and mass phishers*. While monetary losses from these incursions are relatively small, the bigger issue is lost trust, making it harder to use the online channel profitably. We’ve even heard that a major European bank is considering eliminating all links from its email messages, a move that, if widely adopted, would be a major setback to the industry. Before surrendering to the crooks, we recommend some less-drastic approaches involving user education and digital signatures.

We are glad to see banks taking the threat seriously, mounting major user-education efforts. However, we caution against overreacting with dire homepage warnings.

Too much emphasis can be just as bad as too little. Statistically, there isn’t a great likelihood that phishing emails will reach their intended victims. Our email address, posted on our website since 1995, receives more than 700 spams per day, but we’ve never seen a fake banking message, although they may have been filtered at our ISP. However, we have received numerous eBay and PayPal fakes.

We are not suggesting you ignore the threat. In the short term, you must rely on end-user vigilance to prevent damage from phishing. Every financial institution should educate users on the factors influencing email and website safety. We recommend using email messages and a dedicated website security section to do the job. Go easy on the scary homepage messages: a well-placed link to your security section should suffice.

You can be sure the media will do a fine job of creating fear, uncertainty, and dread among your online customers. Your job is to make customers feel more secure, not less.

Jim Bruene, Editor & Founder
jim@netbanker.com

*Mass phishing is sending fraudulent emails to a broad audience hoping to snag a few suckers out of the millions who receive the email. In comparison, a targeted phisher sends a personalized email to a single person, perhaps with knowledge of their card number, or at least the issuing bank, in hopes of gaining additional info.
