UK Banks Say Phishing Victims May Be On Their Own
from the how-nice-of-them dept
It looks like some banks in the UK have decided that they’re tired of all this phishing scam nonsense and they don’t want the responsibility to fall on them. So, while they’ll look at things on a case-by-case basis, they don’t plan to reimburse the victims of phishing scams. It’s understandable that they don’t want to be held responsible, but they should take a more proactive approach to stopping phishing scams than simply telling the victims “too bad.”
Comments on “UK Banks Say Phishing Victims May Be On Their Own”
They do
Several banks over here already have warnings concerning phishing, such as:
“We will never send emails that ask for confidential information or security details. If you get such an email, please delete it immediately without responding.” or
“[organization] will never ask you for your memorable data or pass number in an e-mail. Never disclose this information to anyone.”
etc, when you log in for online banking.
Between sheer common sense and those warnings, I certainly don’t see why a bank should have to foot the bill for stupidity.
Re: They do
While, at one level, I agree with you… I’m still not sure. As we’ve shown in the past many phishing scams are amazingly effective even against people who know better… and not all banks are as enlightened as yours. Just recently we pointed out that a number of banks still send out messages that are nearly identical to phishing messages.
Re: Re: They do
Uhhuh. Yeah. I think the attitude to approach this is that it doesn’t hurt to display warnings and suchlike, and if the bank *can* do so, it *should*. I wouldn’t object, for example, to some multi-bank security-enhancing project/committee that had the effect of recommending these banners.
Now, if you want a related tangent, you can blame it on people’s ignorance of their browsers. I’m beginning to suspect that people don’t pay attention to their status bars when mousing-over a link – for example, both mozilla and thunderbird display the destination URL in the status bar. If they suppress it being displayed (mostly javascript on websites at fault here), I worry; if it’s not the same as the text for the URL, I flatly don’t click on it. Of course, you have to take into account that many people wouldn’t have the same experience/know-how to determine when the difference is significant (replacing domain-name with IP#? Relying on http-auth `@’ symbol to confuse people?) or not. Hence maybe more effort should be put into browser-use awareness.
Re: Re: Re: They do
Not to mention, alot of people don’t check to see if they have a secure connection before filling out personal information on websites. I’ve had to tell numerous people not to fill out any info unless you see a ‘s’ after ‘http’, and to look for the lock icon.
Re: They do
I agree in part. If you do stupid things, you should take the rap. But banks have such incredabily poor security when dealing with your money (their money is a different story), and therefore should be somewhat responsible when a phishing scam is able to transfer money from a person’s account to the scammers account with little more effort then a phone call or email. And lets not forget it’s these same banks that take a certified bank check, cash it, then find out 5 days later it’s fake and charge back the money to the poor sucker that took the “certified” bank check as being .. well .. certified. I think if the bank can’t take the time to check the veracity of the check at the time they cash it – THEY should be stuck when it turns out phoney.
No Subject Given
But visibly trying to do something about phishing scams is also part of your customer relations. At least it gets you thinking that the bank actually cares about your money …
Re:UK Banks Say Phishing Victims May Be On Their O
From a banking industry perspective, I must say that this story is incorrect. It follows a highly misleading article in The Times back in November which was taken out of context. The fact is that all banks have published Internet guarantees which will protect innocent victims of fraud. Of course, all customers are asked to remain vigilant and take precautions to keep their security information safe, but there has been no change in position on refunds.
phishing
I would like to find out who’s actually pulling the strings in this phishing business with their ever changing strategies.
If someone got phished upon and another person – believing to earn a transfer commission of 8% – then
who is to blame?
Can anyone eventually expect to be reimbursed for any
damage or loss ?
Awaiting your reply I remain
with best wishes of vigilance: Knut.