Security Fails When Banks Try To Resemble Scammers

from the imitation-is-the-sincerest-form-of-flattery dept

We’ve discussed the threat to ATM security whereby a false front is attached to the machine, allowing attackers to scan a customer’s card when they try to make a transaction. One solution is to warn customers about suspicious attachments to the machines, so that they’ll know not to swipe their card when they see one. However, any effort to warn customers is undermined when banks attach their own devices to the machine that look just like illicit scanners. One security expert recently came upon an ATM in the UK that had an anti-scanning device attached to the slot so sloppily soldered on that he went to a different machine. This is similar to another mistake that banks make, sending out emails that look exactly like phishing scams. The goal of many scams is to trick people into giving away information to what appears to be a trusted party. But when institutions’ tactics so closely mimic the scammers, consumers don’t know who to trust.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Security Fails When Banks Try To Resemble Scammers”

Subscribe: RSS Leave a comment
anonymous Coward says:

Any type business today has to be on their best behaviour, and show good business pratices in all areas of their business. When they get sloppy they are telling their customers “They don’t care”. I am sure that many people walked away from that ATM machine. I would of too. Don’t they get a small percentage when a transaction is made at the ATM? If so, soon they will see a decline. If not I would bring it up to the manager. I have pointed out things like this to managers in the past. None of them got mad or nothing, and the problem was corrected. In todays age Security is taken more seriously, so tell the manager, it’s their job to sort it out. You job is to help our security to be better than it is. If you don’t like that type attitude, then you was born in the wrong Century, and I feel sorry for you. NOT!

Celes says:

Re: Re: Scammed

Unfortunately, it wasn’t the bank’s mistake. When you give your card for a transaction which will cost an unknown amount of money (like a gas station, because they don’t know how much gas or what grade you’re going to put in), the company checks to make sure you have enough funds in your account to handle a reasonably large transaction. So a gas station might authorize your card as though you were filling up a Hummer. The bank only holds that amount from your account until the transaction is completed and the extra authorization is released (which could take a few business days).

If you don’t want these authorizations tying up your funds, the best bet is to use a credit card. As far as I know, although authorizations are held from your available credit, you won’t incur an over-limit fee unless the amount is actually charged to your card.

That said, back to the main topic. Legitimate companies should learn not to ask for account information from an email. If they must, at least tell everyone to call a customer service number that they can verify, like from their credit card or bank statement, or to go to their main website (without providing the link). The whole point of a scam email is to look legitimate, so legitimate companies shouldn’t be surprised when they’re not getting the information that they need because customers would rather play it safe than risk getting fooled.

just think says:

Re: Scammed

its a common practice for the gas station to pull out 75 dollars to cover your gas then to return the amount that you dont actually use

there have been several news stories about people then getting charged by the bank because of the gas station “blocking” off that money until the station turns in their paperwork.

What gas station did you use ? thats the real question

Now on to the bank looking like phishing scams…. just dont answer emails from banks

If people let the bank know it looks like a phishing scam when its from the bank then they might change the way they send out stuff

Happy Customer says:

Re: Scammed

>this bank is called Washington Mutual.


Are you serious? WaMu is the only bank I have ever used that has NOT tried to scam and cheat me. In every dealing they have been Scrupulously honest.

I can only assume that either it was a legitimate error and you did not even try to call them and fix it, or that is somehow your fault.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...