Security x.0 - Phishing emails and training users

Phishing emails and training users

07/07/08

One of the frequently proposed ideas for reducing bank fraud is to train customers to identify and ignore phishing emails. The problem with this approach is that the criminals sending such emails quickly adapt to circumvent the advice given to customers, as can be seen in this quiz.

Even worse is that the emails sent by banks often resemble phishing attempts, and sometimes directly violate the advice given to customers. With this “do as I say, not as I do” approach, it is no surprise that customers regularly fall for the scams. In fact, sometimes a legitimate email looks so fake that the bank's own security staff think it's a phish.

And it's not just banks which are slipping up. I received an email from Paypal, asking users to “click here and enter your password” despite the warning on the same page: “PayPal will never ask you to enter your password in an email”. What can customers be reasonably expected to do, given this type of training? I simply closed my account.

Email is a valuable sales channel for banks, and marketing teams evidently have not been willing to sacrifice it, despite the (justified) concerns of the security departments. This fact, coupled with the weak authentication schemes currently deployed, makes life for fraudsters easy. Paypal have tried one alternative approach – a two-factor token – but these are still vulnerable to attack. Strong security solutions, accepted both by customers and marketing, are needed to mitigate the large damages from fraud we see today.


About

Securing personal financial transactions online and all that comes with it: trojans and man-in-the-browser, e-banking and e-commerce, usability and scalability. By Igor Drokov, Elena Punskaya et al. at Cronto - the inventor of Visual Transaction Signing.
