RE: bankone/chase non-scam

[Drsolly <drsollyp () drsolly com>]

On Tue, 28 Nov 2006, Larry Seltzer wrote:

> > > People should be told that all emails purporting to come from banks
> are to be ignored, and then banks have to find another way to
> communicate with their customers.
>
> > > My bank uses bits of paper.
>
> We (PCMag) tell them if they get an e-mail from a vendor or a bank or
> whatever and they're curious about it to go to the site through their

Not good enough. You're putting the burden on the user - you're expecting 
her to be curious about it, and why should she?

> normal bookmark or by typying in the URL and to check their account on
> the site that way.

That's good advice. Do you also tell them, if that doesn't reveal a 
problem, that they shouldn't then click on the link in the email? Or do 
you regard that as too obvious to mention?
 
> The e-mails Paul sends are sort of lame, but the only link in them goes
> to www.chase.com and I don't see how they could be used in a scam. It
> sounds like the user needs a new activation code; if they go to the site
> they will be prompted for it.

You might be able to ascertain that with 99% certainty, but Aunty Gi 
can't. She should tell her bank that all communications with her should be 
on paper.

The problem is, the banks aren't sophisticated enough to use computers to 
communicate with their customers.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.