Blog article
See all stories ยป

An article relating to this blog post on Finextra:

Bank of America taps Twitter

Bank of America has become the latest financial institution to tap micro-blogging site Twitter, launching a feed to provide advice and help to customers.

See article

Twitter and banks - a security minefield?

It's good to see BofA getting involved with Twitter but there do seem to be a couple of associated security concerns.

The bank is effectively using its feed as a help desk. Its man at the coalface, David Knapp, communicates through tweets with customers who are having issues with their accounts and then, it appears, normally asks for a phone number so he can give them a call to get things sorted out.

I'm sure most readers saw the news a couple of weeks ago that the Twitter accounts of a bunch of celebrities were hacked and used to post mischievous tweets. What happens if BofA gets hacked and some dastardly cybercriminal asks for a customer's phone number, makes the call and tricks them into handing over bank details?

In fact, what's to stop criminals bypassing the hacking bit and just setting up Twitter accounts in the names of banks? As far as I know, I can set up an account called Lloyds TSB and tweet away.

None of this means BofA is wrong to move into this new world - it's taken an innovative step that could genuinely benefit customers. It just needs to be aware of potential security pitfalls - there's always an unscrupulous type looking for a new scam.


Comments: (1)

Paul Penrose
Paul Penrose - Finextra - London 16 January, 2009, 17:53Be the first to give this comment the thumbs up 0 likes

The LloydsSTB twitter domain name has already gone, as have those relating to most of the other major banks. I suspect the work of some enetrprising cybersquatters, but I'd be happy to be proved wrong.

Matt White

Matt White

North America editor


Member since

27 Nov 2006



Blog posts




This post is from a series of posts in the group:

Information Security

The risks from Cyber cime - Hacking - Loss of Data Privacy - Identity Theft and other topical threats - can be greatly reduced by implementation of robust IT Security controls ...

See all

Now hiring