Community

Join the Community

21,979
Expert opinions
44,131
Total members
454
New members (last 30 days)
157
New opinions (last 30 days)
28,671
Total comments
Join Sign in

Are people really that gullible?

  0 3 comments
Martin Bailey
Martin Bailey
Technology Product Director
Temenos
Location
Hemel Hempstead
Followers
2
Opinions
18
Unfollow

I'm not, by nature, a suspicious man. But whenever I receive an unsolicited email from an institution with which I hold any kind of account, I resist the convenient temptation of clicking on the link in the email. I always go to my browser and type the address in myself - it's the only way to be sure.

I assumed that everyone else did the same, but apparently not. According to figures from Trusteer, the security software vendor, Phishing attacks are frighteningly common and a large number of people fall for them.

If their figures are to be believed, a staggering 45% of bank customers who are redirected to a phishing site divulge their credentials. They estimate that out of every million users, 4,700 sets of login details are lost to criminals each year. Over a 3 month period, each financial institution was targeted by 16 phishing websites each week.

Early phishing emails were laughably poor in their execution with obvious spelling errors and barely credible email addresses and yet still people fell for them. Nowadays, they have grown in sophistication and in many cases are very difficult to distinguish from the real McCoy.

It's going to take a combination of technology and education for banks to tackle this threat. Only one of the financial institutions with which I hold an account has established a protocol and explained it to me so that I can recognise a genuine email and none of them have adopted digital signing of emails.

Until action is taken, there's going to be a lot of cost and upset customers for banks to deal with.

 

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

7028
 

Share

 
 
 
 
 

Channels

/security /regulation & compliance
 

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Join group

204 opinions 64 members

Comments: (3)

A Finextra member 

I can report the following: receive email alert from bank indicating over-spend (a threshold spend exceeded).  I view online banking to see that there is no sign of transactions there.  I get curious (panic).  I think it is a phishing attempt.  Call bank.  Incur time and cost.  Turns out the transactions are 'pending' and not visible to me online yet, but I still get alerted with an email (which only showed the last small txn, not the large one causing the alert before it). 

So all in order, but damn confusing.  First time I reported it as suspected phishing (heard nothing).  Second time I called.  Third time... maybe I will have learnt the deficiency.

To your point(s) - I cannot tell a real alert from a phishing one!

Melvin Haskins

Melvin Haskins Managing Director at Haston International Limited

In ten years of using internet banking I have never, ever, received a phishing attempt addressed to me by name - they are always dear customer. My bank sends e-mail addressed to me by name and also provides my postcode.

I'm quite happy with my bank security. If people are foolish enough to respond to e-mails that are not addressed to them, then they have to face the consequences.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Like I'd pointed out here over a year ago, even non-gullible and technically savvy people would find it difficult to distinguish between a URL like easteroffers.mybank.com (which belongs to my bank and is therefore genuine) and another one like mybank.easteroffers.com (which does not belong to my bank and is quite likely fraudulent). So, refraining from clicking a hyperlink on an URL and instead copying and pasting the URL on the browser's address bar is not so foolproof either. IMHO, people are not as gullible as phishers are savvy. Some banks send emails to me with my name, others don't. The only foolproof counterstrategy against phishing that I could think of was for the bank to authenticate its website to the customer by displaying a preselected image at logon. I know a few banks who do it. Others should, too.

Martin Bailey
Martin Bailey
Technology Product Director
Temenos
Member since
29 Nov 2010
Location
Hemel Hempstead
Followers
2
Following
2
Opinions
18
Unfollow

Innovation and Insight in Financial Services

Stand and Deliver

Loyalty is an outdated concept

Up in smoke

Is your cloud SLA worth the paper it's written on?

See all Opinions from Martin

More expert opinions

Kyrylo Reitor

Kyrylo Reitor Chief Marketing Officer at International Fintech Business

Forex Market Regulation on the African Continent

Francesco Fulcoli

Francesco Fulcoli Chief Compliance and Risk Officer at Flagstone

National Payments Vision 2024: The UK's Vision for a World-Leading Ecosystem

1

Ruoyu Xie

Ruoyu Xie Marketing Manager at Grand Compliance

Capital Requirements Regulation (CRR): Retail Portfolio Diversification

Nkahiseng Ralepeli

Nkahiseng Ralepeli VP of Product: Digital Assets at Absa Bank, CIB.

The Stablecoin Surge: How a Chainalysis study reveals Africa’s payments revolution

1

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,979
Expert opinions
44,131
Total members
454
New members (last 30 days)
157
New opinions (last 30 days)
28,671
Total comments
Join Sign in

Trending

Prakash Pattni

Prakash Pattni MD, Financial Services Digital Transformation at IBM Cloud

How Fintechs and Financial Institutions Can Demonstrate Resiliency

Mouloukou Sanoh

Mouloukou Sanoh CEO and Co-Founder at MANSA

How Stablecoins are Revolutionising the Future of Payments

Brian Mahlangu

Brian Mahlangu VP Product: Digital Platforms Mobile at Absa Bank, CIB.

The Secure Fingerprint: Why Biometrics Have Become Essential for Corporate Clients

Roman Eloshvili

Roman Eloshvili Founder and CEO at XData Group

How Fintech Can Be Harnessed to Help Startups Grow

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept