20 August 2017
Martin Bailey

Martin Bailey - Temenos

Online Banking

This community is for discussion of developments in the e-banking world, including mobile banking. This can include all the functional, business, technical, marketing, web site design, security and other related topics of Internet Banking segment, including public websites of the banks and financial institutions across the globe.

Are people really that gullible?

11 September 2012

I'm not, by nature, a suspicious man. But whenever I receive an unsolicited email from an institution with which I hold any kind of account, I resist the convenient temptation of clicking on the link in the email. I always go to my browser and type the address in myself - it's the only way to be sure.

I assumed that everyone else did the same, but apparently not. According to figures from Trusteer, the security software vendor, phishing attacks are frighteningly common and a large number of people fall for them.

If their figures are to be believed, a staggering 45% of bank customers who are redirected to a phishing site divulge their credentials. They estimate that out of every million users, 4,700 sets of login details are lost to criminals each year. Over a 3-month period, each financial institution was targeted by 16 phishing websites each week.

Early phishing emails were laughably poor in their execution with obvious spelling errors and barely credible email addresses and yet still people fell for them. Nowadays, they have grown in sophistication and in many cases are very difficult to distinguish from the real McCoy.

It's going to take a combination of technology and education for banks to tackle this threat. Only one of the financial institutions with which I hold an account has established a protocol and explained it to me so that I can recognise a genuine email and none of them have adopted digital signing of emails.

Until action is taken, there's going to be a lot of cost and upset customers for banks to deal with.


Tags: Security, Risk & regulation

Comments: (3)

A Finextra member | 12 September, 2012, 13:43

I can report the following: receive email alert from bank indicating over-spend (a threshold spend exceeded).  I view online banking to see that there is no sign of transactions there.  I get curious (panic).  I think it is a phishing attempt.  Call bank.  Incur time and cost.  Turns out the transactions are 'pending' and not visible to me online yet, but I still get alerted with an email (which only showed the last small txn, not the large one causing the alert before it). 

So all in order, but damn confusing.  First time I reported it as suspected phishing (heard nothing).  Second time I called.  Third time... maybe I will have learnt the deficiency.

To your point(s) - I cannot tell a real alert from a phishing one!

Melvin Haskins - Haston International Limited - | 13 September, 2012, 08:55

In ten years of using internet banking I have never, ever, received a phishing attempt addressed to me by name - they are always dear customer. My bank sends e-mail addressed to me by name and also provides my postcode.

I'm quite happy with my bank security. If people are foolish enough to respond to e-mails that are not addressed to them, then they have to face the consequences.

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 13 September, 2012, 16:27

Like I'd pointed out here over a year ago, even non-gullible and technically savvy people would find it difficult to distinguish between a URL like easteroffers.mybank.com (which belongs to my bank and is therefore genuine) and another one like mybank.easteroffers.com (which does not belong to my bank and is quite likely fraudulent). So, refraining from clicking a hyperlink on a URL and instead copying and pasting the URL on the browser's address bar is not so foolproof either. IMHO, people are not as gullible as phishers are savvy. Some banks send emails to me with my name, others don't. The only foolproof counterstrategy against phishing that I could think of was for the bank to authenticate its website to the customer by displaying a preselected image at logon. I know a few banks who do it. Others should, too.

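The easteroffers.mybank.com versus mybank.easteroffers.com distinction from the last comment can be checked mechanically by reducing a link's host to its registrable domain. The following is an added example, not part of the original post or its comments; the suffix set is a constructed stand-in for the Public Suffix List, and `BANK_DOMAINS`, the `.co.uk` domain and the https-only rule are assumptions.

```python
from urllib.parse import urlsplit

# Constructed stand-in for the Public Suffix List (publicsuffix.org);
# a production check should load the full list instead.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}

# Assumption: the registrable domains the bank actually owns.
BANK_DOMAINS = {"mybank.com", "mybank.co.uk"}


def registrable_domain(host):
    """Return the public suffix plus one label to its left, or None."""
    host = host.lower().rstrip(".")
    if host in PUBLIC_SUFFIXES:
        return None  # a bare suffix such as "co.uk" is owned by nobody
    labels = host.split(".")
    # Longest candidate suffix first, so "co.uk" wins over "uk".
    for i in range(1, len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:])
    return None  # IP literals and unknown suffixes end up here


def link_belongs_to_bank(url, owned=BANK_DOMAINS):
    """True only for an https link whose host sits under a bank-owned domain."""
    parts = urlsplit(url)
    # urlsplit drops any "user@" prefix, so "mybank.com@other.com" is
    # judged on "other.com", the host the browser would contact.
    if parts.scheme != "https" or not parts.hostname:
        return False
    return registrable_domain(parts.hostname) in owned


# Constructed sample links, as a mail filter might extract them.
SAMPLES = [
    "https://easteroffers.mybank.com/spring",
    "https://mybank.easteroffers.com/spring",
    "https://mybank.com@easteroffers.com/login",
    "https://secure.mybank.co.uk/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict = "bank-owned" if link_belongs_to_bank(url) else "NOT bank-owned"
        print(f"{verdict:15} {url}")
```

The decision rests on the labels immediately to the left of the public suffix, not on whether the bank's name appears somewhere in the host.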