Community

Join the Community

21,421
Expert opinions
43,560
Total members
321
New members (last 30 days)
129
New opinions (last 30 days)
28,475
Total comments
Join Sign in

Are people really that gullible?

3 comments
Martin Bailey
Martin Bailey
Technology Product Director
Temenos
Location
Hemel Hempstead
Followers
1
Opinions
18
Unfollow

I'm not, by nature, a suspicious man. But whenever I receive an unsolicited email from an institution with which I hold any kind of account, I resist the convenient temptation of clicking on the link in the email. I always go to my browser and type the address in myself - it's the only way to be sure.

I assumed that everyone else did the same, but apparently not. According to figures from Trusteer, the security software vendor, Phishing attacks are frighteningly common and a large number of people fall for them.

If their figures are to be believed, a staggering 45% of bank customers who are redirected to a phishing site divulge their credentials. They estimate that out of every million users, 4,700 sets of login details are lost to criminals each year. Over a 3 month period, each financial institution was targeted by 16 phishing websites each week.

Early phishing emails were laughably poor in their execution with obvious spelling errors and barely credible email addresses and yet still people fell for them. Nowadays, they have grown in sophistication and in many cases are very difficult to distinguish from the real McCoy.

It's going to take a combination of technology and education for banks to tackle this threat. Only one of the financial institutions with which I hold an account has established a protocol and explained it to me so that I can recognise a genuine email and none of them have adopted digital signing of emails.

Until action is taken, there's going to be a lot of cost and upset customers for banks to deal with.

 

Sponsored

This content has been created by the Finextra editorial team with inputs from subject matter experts at the funding sponsor.

6975

Share

 
 
 
 
 

Channels

/security /regulation & compliance
 

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Join group

204 opinions 62 members

Comments: (3)

A Finextra member 

I can report the following: receive email alert from bank indicating over-spend (a threshold spend exceeded).  I view online banking to see that there is no sign of transactions there.  I get curious (panic).  I think it is a phishing attempt.  Call bank.  Incur time and cost.  Turns out the transactions are 'pending' and not visible to me online yet, but I still get alerted with an email (which only showed the last small txn, not the large one causing the alert before it). 

So all in order, but damn confusing.  First time I reported it as suspected phishing (heard nothing).  Second time I called.  Third time... maybe I will have learnt the deficiency.

To your point(s) - I cannot tell a real alert from a phishing one!

Melvin Haskins

Melvin Haskins Managing Director at Haston International Limited

In ten years of using internet banking I have never, ever, received a phishing attempt addressed to me by name - they are always dear customer. My bank sends e-mail addressed to me by name and also provides my postcode.

I'm quite happy with my bank security. If people are foolish enough to respond to e-mails that are not addressed to them, then they have to face the consequences.

Ketharaman Swaminathan

Ketharaman Swaminathan Founder and CEO at GTM360 Marketing Solutions

Like I'd pointed out here over a year ago, even non-gullible and technically savvy people would find it difficult to distinguish between a URL like easteroffers.mybank.com (which belongs to my bank and is therefore genuine) and another one like mybank.easteroffers.com (which does not belong to my bank and is quite likely fraudulent). So, refraining from clicking a hyperlink on an URL and instead copying and pasting the URL on the browser's address bar is not so foolproof either. IMHO, people are not as gullible as phishers are savvy. Some banks send emails to me with my name, others don't. The only foolproof counterstrategy against phishing that I could think of was for the bank to authenticate its website to the customer by displaying a preselected image at logon. I know a few banks who do it. Others should, too.

Martin Bailey
Martin Bailey
Technology Product Director
Temenos
Member since
29 Nov 2010
Location
Hemel Hempstead
Followers
1
Following
2
Opinions
18
Unfollow

Innovation and Insight in Financial Services

Stand and Deliver

Loyalty is an outdated concept

Up in smoke

Is your cloud SLA worth the paper it's written on?

See all Opinions from Martin

More expert opinions

Gabriel Hopkins

Gabriel Hopkins Chief Product Officer at Ripjar

Gen AI: A helping artificial hand for compliance teams

Henrik Grim

Henrik Grim CEO and Co-founder at Mimo

How to Solve a Problem Like SMB Finance? A Roadmap to Fixing Late Payments in the UK

Grigorii Alekseev

Grigorii Alekseev Software Development Engineer at Revolut

Optimising Java Applications in Fintech: A Guide to Performance Tuning and Scalability

Steve Wilcockson

Steve Wilcockson Product Marketing at Quantexa

How a Contextual Data Fabric Delivers Better Financial Services Outcomes

See all opinions

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

21,421
Expert opinions
43,560
Total members
321
New members (last 30 days)
129
New opinions (last 30 days)
28,475
Total comments
Join Sign in

Trending

Konstantin Rabin

Konstantin Rabin Head of Marketing at Kontomatik

Where can PayPal expand next?

Denys Boiko

Denys Boiko Founder at Erglis

How Big Data Helps Investors Make Better Decisions

Michael Zetser

Michael Zetser CEO at Flyfish

From Innovation to Implementation: AI, Blockchain, and Fintech Regulation

Jamel Derdour

Jamel Derdour CMO at Transact365 / Nucleus365

The Future of Embedded Finance Solutions in the UK

Now Hiring

All companies

Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.

Please read our Privacy Policy.

Accept