Skip to content

One Wrong Click - Mary Beth Guard

One Wrong Click
by Mary Beth Guard, BOL Guru

My personal scale for rating the scariness of scams ranges from "There's no way I would ever fall for that one" to "Man! I could easily have been tricked by this." A phony email I received this weekend ranked high on the "Coulda Caught Me" scale. It illustrates the sad truth that scammers are getting smarter and slicker, and that means the likelihood of your customers falling prey to their tricks grows higher every day. Much has changed since the early days when phishers could barely string together a coherent sentence and their emails were chock full of misspelled words.

Financial institutions and e-commerce companies must be proactive in order to retain the ability to effectively use email to have legitimate contact with their customers, while empowering their customers to spot counterfeit communications. This weekend's phishing email provides a great example of how that can be accomplished.

Here's what PayPal has on its Web site. (Annotations in red are ours.)



Here is the phishing email I received.



With the guidance provided on the PayPal Web site, it was easy to see this was a fake, so I didn't click the link. I did, however, forward the email to spoof@paypal.com. In return, I received an email confirming the first message was bogus, and telling me other steps I might need to take.



Even customers who may be too smart to actually type in personal information are at risk. According to an article published June 26, 2004 in The Washington Post, "A new Internet virus has surfaced that allows hackers to steal passwords, credit card numbers and other personal information when someone merely visits an infected Web site..." One wrong click. That's all it takes. Whether your customers make that click or not may depend upon how well you inform them about how to tell the difference between legitimate emails and fakes.



What Web site are you really on?
by Andy Zavoina
Knowing what website you are going to can be vital. It would be cumbersome to check each one and would drastically slow your productivity. One way to defend yourself is with spoofstick from http://www.corestreet.com. This is a free download. In Internet Explorer and Mozilla Firefox, it adds another line to your toolbar that tells you what site you are on. In the example below, it added the text "You're on paypal.com". This better validates that you are not on the hook of some phisherman when you are at a valid address. This will not protect you 100%. If you swim with the sharks, keep your eyes open and ask yourself, does that worm look like a free lunch?


RELATED LINKS to Help Make Sure Your Institution Is Up To Speed on Phishing

First published on BankersOnline.com 05/03/04

First published on 05/03/2004

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics