Slashdot Mirror


Fishing for Phishers

mleachpdx writes "This blog entry probes into the details of an online banking phishing scam and suggests some fraud deterrence and detection measures."

5 of 152 comments (clear)

  1. ways to prevent online fraud? by Anonymous Coward · · Score: 5, Insightful

    why not give consumers one time access (through pads)?
    This is done in Japan and works well there. Maybe consumers here would lose their card? The card isnt electronic its just card with pin numbers that you scratch off each time you use the PIN number.

    Banks should STRONGLY educate consumers to never expect emails from the bank that contain links.

  2. The wrost ones are... by ScooterBill · · Score: 4, Insightful

    The EBay request to verify account information. I've received this several times. Perhaps the financial institutions don't do much because a small country in Africa isn't going to let U.S. law enforcement take care of the problem. Too much corruption is usually the case.

    The maxim I always use is: The company that holds your account never needs to ask you for your password since they already have it.

    Something many probably don't know is that your local police dept. probably has a high tech crimes unit. They will investigate and prosecute illegal activites like snooping around your company network. They can be very helpful.

  3. Enough Already. by xanadu-xtroot.com · · Score: 4, Insightful

    Enough already with this "a blog entry says" stuff. Can we please get some ACTUAL news on this site and not just someone's rantings on a BB? Is that too much to ask?

    --
    I'm not a prophet or a stone-age man,
    I'm just a mortal with potential of a super man.
  4. Re:Solution: You authorise the bank first by legirons · · Score: 4, Insightful

    "When you sign up, the bank asks you for your 'personalised code', and that will be displayed in every email you recieve from the bank. If you dont see that code in your email, or it's wrong, you know its fraudulent."

    And this code would be sent through which secure email-delivery system exactly? Plaintext SMTP on the internet, like all the other emails from your bank?

    Hell, banks don't even sign their emails. Many of them don't even know what PGP is. How many of us have had conversations with our banks along the lines of:?

    You: I just got an email purporting to be from you

    Bank: Yes, that's right

    You: So how do I know it's real without phoning you

    Bank: Because it's got our name in the From field

    You: Did you ever consider signing your emails

    Bank: OUR INTERNET IS SECURE, WE USE HTTPS WEBSITE!!!

  5. Re:Here is a good rule of thumb: ignore them 100% by gelfling · · Score: 3, Insightful

    Nonsense. Before there were computers there were credit card companies and banks. If they called you up asking you to verify information they're supposed to have you'd be an idiot to give them that info.

    There is little new under the sun. Just because we give it an incredibly lame 1337 name; "PHishing" doesn't mean it's not a hundred year old con game.