A while ago, I pointed out the very bad decision taken by Dexia-BIL bank in Luxembourg to use a Macromedia Flash applet to defeat phishing attempts. Competition being what it is, the number one bank in Luxembourg, BCEE, could not afford to sit and watch. They just copied the idea.
As was pointed out in the case of Dexia-BIL, the system is very user-unfriendly. However, customer-friendliness does not seem to be part of the equation.
Somehow, banks feel responsible for the fact that their customers are clueless when it comes to Internet e-mail. Rather than educating them, they think it is smart to protect these poor souls against themselves and their naivety. Or it could be the legal department telling the IT guys they have to find a way for the bank not to be held liable in case a customer sues them after falling victim to a phishing e-mail.
So, again let us remind the banks and their customers how to fight phishing attempts:
- Use common sense. A reputable bank does not send e-mails asking for personal information they should already have. Actually, a bank does not use e-mail to communicate with customers. They are convinced you are always available to walk to their branch office during office hours, and that you have nothing better to do.
- Ask your ISP to filter out phishing attempts in incoming e-mail messages. The cost is low. Open source tools do a wonderful job at that. MailScanner and amavisd-new do it for free. If your ISP wants to spend a lot of money, there are commercial products, too. If it is unwilling to do that, there is still client-side software. But you should rather move to an ISP which cares about its customers. In the “ISP” acronym, “S” stands for “Service”. If there is no service, vote with your feet.
- Avoid broken mail clients that display HTML by default.
- Double check the hyperlink you are clicking on.
And if you are too dumb to do any of the above, avoid accessing your bank account through the Internet and go to the branch office for every transaction. At least, this will give additional work to the clerk behind the desk and maybe he will be able to keep his job, rather than being fired because “customers use the Internet anyway”.