Just how dumb do you think I am?

No, that is not a rhetorical question.

I received some email purporting to be from Bank of America. It is my bank, so it is possible. The email said that some customers had received a fraudulent email claiming to be from Bank of America asking them to update their Online Banking details.

The email then proceeded to introduce their new secure SSL server and asked you to – you guessed it – click a link to update your Online Banking details. Now would you have noticed that this was a phishing attempt?

A recent study at Harvard and Berkeley entitled Why phishing attacks work (PDF) found that 23% of people would not have noticed:

"We found that 23 per cent of the participants did not look at browser-based cues such as the address bar, status bar and the security indicators, leading to incorrect choices 40 per cent of the time," the researchers report. "We also found that some visual deception attacks can fool even the most sophisticated users."

I tend to look at these things pretty carefully, and besides the fact that the link didn’t go to Bank of America, this paragraph was a dead giveaway:

We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.

There is good reason to worry. If these people ever take a grammar course we could all be in trouble.

I feel pretty safe though because I generally don’t trust email. The other day I received an email from American Express about some suspicious activity on my card. When I called the number in the email I asked how I could be sure it was American Express. The young lady suggested I call the number on the back of my card. I did and was directed to the fraud department, who had already resolved the problem and were just letting me know, and would overnight me a new card. As an aside, how is it that American Express can always answer on the first ring and I never have to wait? It’s always a pleasure calling them.

So where email is concerned I find that it is always better to be a little skeptical.


One thought on “Just how dumb do you think I am?”

  1. One way to combat this problem is for people to start visiting those phishing sites and to enter account and password information. Just make sure you don’t enter valid information.

    Bury them in bad data. I wonder if that would work?
