[Dshield] Banks Openly Inviting Email Fraud

Darren Gragg admin at bsbks.com
Tue Feb 24 14:30:34 GMT 2004


I think we need to clarify this a little bit.  Not all financial
institutions are doing this.  Only the ones trying to cut every corner to
save money by shipping this type of correspondence to a 3rd party.  In my
opinion, I wouldn't have my money with someone who cuts every corner
possible.  If they would do it with something as simple as an e-mail, what
else are they using the same practice with in dealing with my money.  As
being the CTO for a bank, I completely agree with your observations and
concerns.  I just only know one way to get your point across;  take your
money away from them.  That is the only way to get any financial institution

Darren Gragg
Chief Technology Officer
Bennington State Bank

-----Original Message-----
From: Samantha Fetter [mailto:sama at snowplow.org] 
Sent: Monday, February 23, 2004 10:08 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Banks Openly Inviting Email Fraud


I never open the email, I just logon to capitalone.com to look at it :)
Nor would I had done any of the other stuff.

But, I'm also not the average user, I'm a Systems Engineer who handles
a major company's firewall/internet/extranets/proxies and then some
infrastructure... so I know better :)

But it certainly helped to illustrate your point, which was also why I
posted it.  I will most certainly be contacting them regarding this and
pursue it as much as I can.  It's really incredible as you point out that
a financial institution would do this.

Thanks again,

> A couple of question:
>  1) After having received the above email, if the message had contained
>     a link to go check your online statement, would you have clicked on
>     it without giving it a second thought?
>  2) If the link that you clicked on had prompted you to enter your name,
>     credit card number, and PIN in order to access your online statement,
>     would you have done so without giving it a second thought?
> Even if you hesitated to do so, imagine how many people would have readily
> entered that information without giving any consideration to the potential
> consequences of having done so! Especially, if they just received a prompt
> dialog box with no URLs or anything else that may give an indication of a
> bogus URL in action.
> Thank you for helping me illustrate my point!

More information about the list mailing list