Gone Phishing?
Zastrossi writes "According to the Anti-Phishing Working Group, phishing sites--the practice of making sites that look and act like popular sites such as banks in order to steal personal information from customers--rose from 543 sites in September to 1,142 sites in October. Gartner reports that phishing scams cost banks and credit-card companies $10.2 billion."
Not to mention it just gives the attackers more information to ask the attackees. They just have to create sites that ask for SSNs and ZIPs and stuff, on top of everything else. With that additional information the attackers'll have an even easier time stealing! Way to go ING :)
Hmmm ... the number of "sites" found doubled just when Google doubled its index size...
My bank doesn't have my email address. Give them a throwaway email address when registering online, then delete the address. All the mail to that account would bounce, and the bank has other (non phishable) ways to contact me if needed.
I can't click a false hyperlink in a printed letter.
Click here for a free picture of an iPod!
It does seem to be yet another shift of burden of proof onto the consumer though, does it not?
Have you noticed all the online banking EULAs with specific "you're liable for anything until you report your password as breached"? Much in the same way as "Chip and Pin" here in the UK, the shift in the responsibility of fraud onto the customer of these systems is designed for the benefit of the BANKS; any benefit to you is a secondary concern and it seems to be that it's actually to your detriment in many cases.
Interestingly, who is it that oversees the fraud of these systems to determine whether they're secure or not? Why, it's the same banks that run them. Hardly independent or unbiased now, is it? That's like asking Adobe, "is your PDF encryption secure?" Hmm, what do you think... *cough* ROT-13 *cough*
Let's use an example of something like Chip and Pin, where instead of a signature you type in a pin along with your credit card transaction. This is vulnerable to multiple attacks, e.g. shoulder-surfing: say someone watches your pin, then steals your card and goes on a shopping spree -- the transactions are all valid as they had the correct pin, so YOU are responsible for this loss. Compare this to the old signature method, they might fool the store cashier, but when you report it you get your money back -- problem is, it's costly for the credit card companies to check and they (or the retailer) end up paying out. The cost and burden of proof is on THEM, and they don't like that. Other examples of abuse would include dummy card readers and pin input devices, corrupt shops who capture pins, etc. For an interesting discussion on this see here:
http://toothycat.net/wiki/wiki.pl?ChipAndPin
So, while I totally agree that users have to bear a certain amount of responsibility, much in the same way as Chip and Pin, until internet banking can be made more secure *by the banks themselves* to the extent that phishing scams and other fraudulent methods are overcome AND the burden of proof is *kept with the banks* then I, for one, will not use them. (Removes tin-foil hat!)
Come now, these are the same motherfuckers who send seniors $5 checks which, when cashed, enroll them into some credit protection program / yellow pages listing service that costs $10 a month.
Of course the "terms and conditions" were written on the inside of the envelopes (i.e. on the envelope itself) and the AG has to step in to put a stop to it.
I had a credit card company who used to try to pull this sort of shit all the time - the due dates were set to Sundays or holidays (changed every couple of months), the payment address changed every couple of months and, for some strange reason, it took about 13-15 days for them to "receive" payments (and usually another 2 days to "process"). The checks weren't being sent to fucking Rwanda, but from Oregon to Utah / California / Nevada. Blind mail is faster. Mysterious fees would be added and re-added, apparently with my consent. Membership points / air miles would vanish.
Their collections people would be happy to call you repeatedly even though your bank told you they cashed your check 4-5 days ago.
And it went on and on and on.
Sure, it was fun to abuse the agents for a while, but it got old pretty fucking quick.
The damnedest thing was the company was decent for a while, and all of a sudden they changed.
I suppose one or two screwups on their part could be attributed to incompetence or a one time screwup, but there are limits.
I could walk away, and I did - but I'm sure many people couldn't. I know a home loan isn't the same as a credit card, but you presume that they aren't going to act like Guidos.
I think this is also less about the person's greed - It is assumed that you're going to have to borrow a significant amount of money (not many people buy a house outright), but I don't think it is reasonable to assume that a credit card company is going to be a bunch of vicious greedy assholes when you sign up. It's one of those unwritten rules.
Rules that are eventually broken and result in "Pussification Legislation" being passed by the state's AG.
Anyways...