The Phishing is Good -- for the Bad Guys
Symantec reports that phishing in the first six months of 2006 was up 81% over the prior six-month period. More than 157,000 unique phishing messages were found, and each of these could be sent to many thousands of netizens. Phishers keep going because a certain percentage of the messages work. The data also indicates that phishers have become more sophisticated: they're learning how to bypass the spam filters and other programs designed to keep them out.
Financial institutions must be ever vigilant in educating customers and teaching employees to watch for warning signs. Tell your customers how you'll contact them, whether you'll ever need to verify confidential information, how to confirm that a request is valid before responding, and where you'll post information about Internet fraud (such as your homepage) in case they suspect something is wrong. This is especially important if you are implementing multifactor authentication.
I received an email a few days ago advising me that I needed to visit the bank's website and enter some confidential questions which will be part of their multifactor authentication. It said I hadn't been to the site since they began the program. But I had, and I knew I had input the questions. I verified the authenticity of the request and then discovered that I had started, but not completed, their process. Had that been a phishing expedition, I can easily imagine customers running straight for it. Even though it was valid, they didn't make it easy for me to validate their email and it took almost 8 hours for them to do. It could have been better.
Make it easy for your customers to know what is happening. Knowledge is power. Knowledge is fewer losses.

