Why Banks Make It Harder To Play Safe
This just landed in my inbox: more proof, if it were needed, that banks are dumber than a sack of nails when it comes to security. Or they just don’t care:
The email comes ostensibly from HSBC’s Singapore office. But it’s actually mailed by 8rewardsroad.com, a Singapore-based marketing company with a somewhat dodgy website. (As in the pages don’t seem to load without Flash and some pretty awful stuff.) They claim among their clients HSBC and OCBC, another Singapore bank. In other words, no easy way to tell whether the email is really from the bank or not.
The email itself offers up to $S400 per customer, though reading the fine print you—and the person you’re referring–have got to jump through a lot of hoops first.
But that’s not the beef. The beef is that this could so easily be a phishing scam. And even though it’s not, the fact that a bank is sending these emails out contradicts its claims that it won’t communicate by email with customers except to send them notifications of e-statements and other obvious forms of communication. Getting emails like this just lowers customers’ guard. And the tempting element, with the red Refer now button prominently displayed twice on the email, doesn’t help matters.
Worse, if you click on that link you go to a website www.apps.asiapacific.hsbc.com – which to the uninitiated could be any website, and is definitely not the hsbc.com.sg that the bank’s Singapore customers usually go to. There, referring customers are asked to give a lot of detail about themselves, and the person they’re referring, including what kind of bank account they have, their passport/ID number, their banking relationship manager, etc etc. Enough for a social engineer to get somewhere with.
I despair that banks will get the security thing. I really don’t think they care. They certainly don’t seem to care enough to stop their marketing department putting out toxic trash like this.
- Click to share on Twitter (Opens in new window)
- Click to share on Facebook (Opens in new window)
- Click to share on Google+ (Opens in new window)
- Click to share on Pocket (Opens in new window)
- Click to share on Pinterest (Opens in new window)
- Click to share on Telegram (Opens in new window)
- Click to share on Tumblr (Opens in new window)
- Click to share on Reddit (Opens in new window)
- Click to print (Opens in new window)
- Click to email this to a friend (Opens in new window)
- Click to share on WhatsApp (Opens in new window)
- Share on Skype (Opens in new window)
15. March 2011 by jeremy
Categories: Security | Tags: bank, bank account, banking relationship manager etc etc, Banks, e-statements, Finance, guard, HSBC, HSBC Holdings PLC, Investment, Oversea-Chinese Banking Corporation, Oversea-Chinese Banking Corporation Limited, phishing, Singapore, social engineer | Comments Off on Why Banks Make It Harder To Play Safe