
May 29, 2004

Phishing, And Some Advice

I was just reading the new publication put out by the U.S. Financial and Banking Information Infrastructure Committee and the Financial Services Sector Coordinating Council on "Lessons Learned by Consumers, Financial Sector Firms, and Government Agencies during the Recent Rise of Phishing Attacks" (PDF here, page on Treasury website here). A rather wordy title for a document that to me is rather thin on specifics.

In short, there's not much here people don't know already. And there are some bits of poor advice. One for banks and other institutions whose customers are being phished: "Contact consumers by e-mail or postal mail warning them not to respond to suspicious e-mails. Remind consumers of the firm’s or agency’s official policy of not soliciting sensitive information through an e-mail." How exactly is sending an email going to help? A lot of phishing emails use exactly this ruse to get the target to check in to their fake website, suggesting they suspect their account has been compromised, or something. I'd say now is the time to spend some cash on doing a proper mailing to all customers using the postal service. Now is not the time for more emails saying 'Beware of scams. By the way this is not a scam'.

Anyway, here are three of my own suggestions for banks to build trust with customers and minimise further confusion about what is genuine and what is phishy:

  • Don't be tempted to fire pop-up ads at them when they visit your website, like one U.S. bank I know of, because pop-up ads can legally be hijacked by other companies like WhenU, which means they can also be hijacked by scammers.
  • Don't outsource your marketing to email marketers, like the Singapore arm of one U.S. bank I've written about here before, who then send out dubious unsolicited emails inviting me to open a new Premium Deposit …and enjoy a potentially higher interest rate on your money AND a S$10 Tangs shopping voucher for every US$10,000 invested. What's to stop a phisher mimicking the same email and then luring someone to a kosher-looking website, asking them to submit some personal data about, say, their existing Internet account at another bank, and then directing them to the real website?
  • Don't give customers an extra screen of ads for other services after they've logged out which uses cute but confusing language - one Hong Kong-based bank I visited the other day said something like 'You've logged out but you haven't logged off' and then proceeded to offer the customer some more services. A lot of customers are going to be confused about that. And what for? Just to sell them a few extra services?  

All bad practice, and I think if anyone is going to draw up a 'lessons drawn' note it should be along those lines: specific, cautionary, and at least trying to anticipate the way this war on scamming may go.  
