Frontline in phishing and online fraud still expanding

By George V. Hulme
As some consumers play a growing role in the fight against online fraud and phishing, others need more education on the problem. That’s the bottom line from a panel discussion that included risk managers from Bank of America, JP Morgan Chase, and PayPal.

As some consumers play a growing role in the fight against online fraud and phishing, others need more education on the problem. That’s the bottom line from a panel discussion that included risk managers from Bank of America, JP Morgan Chase, and PayPal.

Consider the experience of Bank of America with its both praised and sometimes maligned implementation of Sitekey as a way to combat phishing attacks. David Shroyer VP, Product Manager, eCommerce Channel Services, Bank of America, noted that four years after the implementation of Sitekey, “Customers are sending in notes about phishing sites they identify. And many are identifying them as phishing sites because they don’t see their sitekey on the site.”

That’s better news on Sitekey than I would have expected. It seems to me to be a full waste of time. I don’t click on links within emails, and always go straight to any credit card or banking Web site. Just seems like common sense.

Yet, while Sitekey may have helped customers better identify phishing sites, the fraudsters, all financial service providers agreed, have likewise improved their tactics. Fraudsters are now not only hitting consumers with more professional looking e-mails, they’re also hitting consumers with more sophisticated malware.

And this increased malware component of phishing attacks makes it all the more important to be able to shut down phishing Web sites as quickly as they pop up. And, Shroyer said that is exactly what Bank of America is striving to do. And, instead of displaying a 404 page error when the site is taken down by the hosting provider, Stroyer sees that as a key opportunity to teach users that they were led to a phishing site. “It’s a teachable moment, it’s an opportunity to explain to the user on that Web page that they had been phished, and by merely visiting the Web site that their systems could be compromised,” he said.

It’s interesting that banks and financial services firms now have to play the role of IT security educator. But they’re in the perfect place to do it, and they have the financial and customer service motivation to do so.

Suggested articles

It’s Not the Trump Sex Tape, It’s a RAT

Criminals are using the end of the Trump presidency to deliver a new remote-access trojan (RAT) variant disguised as a sex video of the outgoing POTUS, researchers report.

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.