I don’t really need to introduce this piece from Sam Varghese of the Sydney Morning Herald. It touches on a theme I’ve harped on before: How banks still don’t understand phishing and how it has changed consumer attitudes, and how it must change the way banks approach the Internet.
Phishy behaviour or harmless spin points to emails sent out by Westpac banks, which contain “four links, none of which goes to a secure link, nor to the main Westpac site.
Asked why the bank still sent emails despite the prevalence of online scams, a Westpac spokesman said the bank thought it was a “good idea.””
I work for a bank. A while back, I got into a beef with IT because they started blocking Bugmenot.com. Reason? “It causes phishing.” After talking to a lot of people in IT, it became clear they had no idea what phishing was and the only answer I got that wasn’t a mumble was “a kind of web based attack.” For them, it has simply come to represent an umbrella term for any kind of criminal activity using the internet. Given the lack of education, they are able to say “this may cause phishing” (used more than once) and nobody will question them further. It’s like a magic wand that stupifies management. But as you point out, when they don’t know what it is, they don’t understand how blocking Bugmenot doesn’t stop it and how sending out stupid e-mails assists it.