« Citibank Deals with Spoofing on Home Page | Main | Fighting Email Fraud (Part 2) »

Enlisting Users in the Battle Against Fake Emails

By Jim Bruene on December 1, 2003 12:19 PM

No Phishing

03-dec-a01.jpg

In previous reports we’ve discussed long-term strategies to improve security and prevent unauthorized account access from ID thieves and mass phishers*. While monetary losses from these incursions are relatively small, the bigger issue is lost trust, making it harder to use the online channel profitably. We’ve even heard that a major European bank is considering eliminating all links from its email messages, a move that if widely adopted, would be a major setback to the industry. Before surrendering to the crooks, we recommend some less-drastic approaches involving user education and digital signatures.

We are glad to see banks taking the threat seriously, mounting major user-education effort. However, we caution against overreacting with dire homepage warnings.

Too much emphasis can be just as bad as too little. Statistically, there isn’t a great likelihood that phishing emails will reach their intended victims. Our email address, posted on our website since 1995, receives more than 700 spams per day, but we’ve never seen a fake banking message, although they may have been filtered at our ISP. However, we have received numerous eBay and PayPal fakes.

We are not suggesting you ignore the threat. In the short-term, you must rely on end-user vigilance to prevent damage from phishing. Every financial institution should educate users on the factors influencing email and website safety. We recommend using email messages and a dedicated website security section to do the job. Go easy on the scary homepage messages: a well-placed link to your security section should suffice.

You can be sure the media will do a fine job of creating fear, uncertainty, and dread among your online customers. Your job is to make customers feel more secure, not less.

Jim Bruene, Editor & Founder
jim@netbanker.com

*Mass phishing is sending fraudulent emails to a broad audience hoping to snag a few suckers out of the millions who receive the email. In comparison, a targeted phisher sends a personalized email to a single person, perhaps with knowledge of their card number, or at least the issuing bank, in hopes of gaining additional info.

Comments (0)
AddThis Social Bookmark Button
Categories: Phishing

Most Recent Posts:

TrackBack

TrackBack URL for this entry:
http://www.netbanker.com/cgi-bin/mt/mt-t.cgi/1652

Post a comment

(If you haven't left a comment here before, please note that we will read your comment before it is approved to go up on the blog. However, we'd prefer that you and our other readers didn't have to wait. If you'd like your comments to appear instantly in the future, you can create a TypeKey account and we'll set you up as a trusted commenter!)


Please enter the security code you see here

Sponsors

Finovate 2008 - Come see the future of finance & banking!

New Models in Lead Generation - Check out the best new ideas in getting customers online!


Sponsored Links

Events

Research

  • NEW! New Models for Lead Generation Auctions, personal finance communities, and tools provide alternatives to Google AdWords- Find out more
  • NEW! Online Investing Communities: Will social networking revolutionize saving & investing?- Find out more
  • NEW! Searching for Customers 3.0: Search engine marketing for financial institutions- Find out more
  • Person-to-Person Lending 2.0: Disruptive service or market niche? - Find out more

Products & Services

  • Compare CD (certificate of deposit) interest rates and read customer reviews at Bankaholic