With half of the Internet users in the UK now banking online (UK Payments Administration, Jan 2010), it’s hardly surprising that phishing is on the rise. As new customers migrate to more convenient banking processes, the number of potential targets for phishers grows each week.
I’m a victim of phishing attacks each week, but as part of an antiphishing working group, I know better than to click on the links offered in my “Account Suspended” notice or “Security Upgrade” message.
The scary fact is that not everyone can detect the difference between a real email from their bank and a fraudulent one.
One reason for this problem is that banks have been systematically terrible at educating their clients (especially new and young ones) about how to recognise authentic banking emails and how to identify phishing attempts.
For years many banks stopped sending emails to their clients, only to have the phishers increase their activity to fill the gap. Without valid, authentic emails to compare to, increasing numbers of customers were being tricked into clicking on links in an email and providing their login and password details to fraudsters.
The key is NOT TO STOP sending emails but to SEND MORE email. More regular, authenticated, validated email that educates users on what to expect in emails sent to them by their bank and allows them to spot the phishing emails a mile away.
If I understand what to look for in a real Rolex watch, I won’t be duped into buying a fake one. The same principle applies to emails – banks need to educate their clients in what to expect when receiving an email from the bank. These features will be predominantly visual, as that is how people work, but should include partial customer data that the phishers can never amass for a database of any size. Alternative authentication, including technical methods such as SPF and DKIM as well as digital signatures, can be combined to make email the trusted communication tool it needs to be.
Phishing is a reality in today’s connected economy, but we can combine technology and education to make it less and less economically viable for the fraudsters to phish our banks.