funsec mailing list archives
RE: bankone/chase non-scam
From: Larry Seltzer <Larry () larryseltzer com>
Date: Wed, 29 Nov 2006 07:49:24 -0500
We (PCMag) tell them if they get an e-mail from a vendor or a bank or whatever and they're curious about it to go to the site through their
Not good enough. You're putting the burden on the user - you're expecting her to be curious about it, and why should she?
They're really separate issues, aren't they? The question is what does the user do if a suspicious e-mail makes it through to their inbox. They have to make a decision.
normal bookmark or by typing in the URL and to check their account on the site that way.
That's good advice. Do you also tell them, if that doesn't reveal a problem, that they shouldn't then click on the link in the email? Or do you regard that as too obvious to mention?
We say never click on links in e-mails from merchants/banks, etc. Instead go to the web site through your bookmarks, etc.
You might be able to ascertain that with 99% certainty, but Aunty Gi can't. She should tell her bank that all communications with her should be on paper.
The problem is, the banks aren't sophisticated enough to use computers to communicate with their customers.
Aunty Gi may end up not being able to access her accounts online for a few days because of such a policy. There are things banks can do to authenticate themselves in e-mail. A message I got from Bank of America last night, notifying me of a direct deposit into an account, was individually addressed to me by name and e-mail address, identified the account by the last four digits of the account number, and all of the information in it could be confirmed by logging into the account through other means. There were no links in the message except to standard landing pages like www.bankofamerica.com.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blog.eweek.com/blogs/larry%5Fseltzer/
Contributing Editor, PC Magazine
larryseltzer () ziffdavis com

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.