[Dshield] Banks Openly Inviting Email Fraud
admin at bsbks.com
Tue Feb 24 14:30:34 GMT 2004
I think we need to clarify this a little bit. Not all financial
institutions are doing this. Only the ones trying to cut every corner to
save money by shipping this type of correspondence to a 3rd party. In my
opinion, I wouldn't have my money with someone who cuts every corner
possible. If they would do it with something as simple as an e-mail, what
else are they using the same practice with in dealing with my money. As
being the CTO for a bank, I completely agree with your observations and
concerns. I just only know one way to get your point across; take your
money away from them. That is the only way to get any financial institution
Chief Technology Officer
Bennington State Bank
From: Samantha Fetter [mailto:sama at snowplow.org]
Sent: Monday, February 23, 2004 10:08 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Banks Openly Inviting Email Fraud
I never open the email, I just logon to capitalone.com to look at it :)
Nor would I had done any of the other stuff.
But, I'm also not the average user, I'm a Systems Engineer who handles
a major company's firewall/internet/extranets/proxies and then some
infrastructure... so I know better :)
But it certainly helped to illustrate your point, which was also why I
posted it. I will most certainly be contacting them regarding this and
pursue it as much as I can. It's really incredible as you point out that
a financial institution would do this.
> A couple of question:
> 1) After having received the above email, if the message had contained
> a link to go check your online statement, would you have clicked on
> it without giving it a second thought?
> 2) If the link that you clicked on had prompted you to enter your name,
> credit card number, and PIN in order to access your online statement,
> would you have done so without giving it a second thought?
> Even if you hesitated to do so, imagine how many people would have readily
> entered that information without giving any consideration to the potential
> consequences of having done so! Especially, if they just received a prompt
> dialog box with no URLs or anything else that may give an indication of a
> bogus URL in action.
> Thank you for helping me illustrate my point!
More information about the list