There is a thin line between a phishing email and a genuine email from a bank. So thin in fact that Citibank customers mistakenly took legitimate emails generated by the bank for a phishing
scam. In this context, security outfit Sophos commented that there is an alternative to banks disallowing email messages completely in order to stop delivering a temptation for phishers. Sophos advises increased security and consistent messaging policies in order to distinguish legitimate emails from phishing attacks.
"The email in question described a new sign-on procedure that guaranteed customers even more security. Customers were asked to update their log-ins by going to Citibank's web site, and entering their ATM number, pin and account number…all well-known signs of a phishing scam. Citibank's request contradicted itself with a warning written at the bottom of the message stating that the bank would never ask customers for such information via email," reads a press release from Sophos.
There is though an element that banks cannot control. No matter what security measures the banking industry manages to set up, the human element associated with social engineering schemes and phishing attacks will always be an exploitable link.
"58 percent of business PC users receive at least one phishing email each day, while, alarmingly, 22 percent receive more than five a day, according to a recent web poll conducted by Sophos," said Ron O'Brien, Sophos' senior security analyst. "Those numbers, combined with today's more strategically targeted attacks, leave little room for error. If financial institutions have proper network security in place and are consistent in their messaging, customers will not have to guess whether they are dealing with a phishing attack."
Find us on Google+
No user comments yet.
Be the first to express your opinion!
