When You Can't Tell The Phishing Emails From The Legit Ones, Just Ignore Them All

from the smart-security dept

Phishing is a common way for criminals to try and steal people's passwords or other personal information, and it depends on phishers crafting emails and fake sites that look enough like the real thing that people will willingly surrender their information. Banks and authorities are obviously aware of phishing, but that doesn't stop them from undermining their online security efforts, as well as their online products, by sending out legit emails that look like phishing attempts. The latest instance sees some British cybercrime police attempting to notify more than 2,000 people in the country that their personal information, including credit card numbers had been stolen. They get an A for effort, but an F for execution, since they're letting people know by sending them an email, and asking them to get in touch -- which plenty of people aren't doing, because it sounds an awful lot like a phishing scam. The rise of phishing has made consumers loathe to trust anyone they don't know from whom they receive emails asking for contact or personal information -- and rightly so. But if banks and authorities are going to tell people that's the right thing to do, they shouldn't be at all surprised when their emails go ignored as well.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Jen, 23 Jan 2007 @ 4:28am

    Distinguishing between Phishing and Reality

    I predict that a new mental health disorder will be soon be identified as people are faced with determining whether these more professional-looking phishing scams are "real". How do we identify a"real" email from our bank or credit card company? We look for clues that are consistant with our experience of "real" emails - (1) Is this the account I use for that credit card (often the answer is 'no'), (2) Is that the "real" web address (URL), (3) Does the email sound like a corporation wrote it (style and standard U.S. grammar), etc. But what is a person to do when reading what may be either a particularly well-designed phishing email or a legitimate communication from your bank or creditor.

    Having thought about this a while, the best answer seems to be to avoid using email for any financial transactions. Don't give out your email address to your bank, and then you'll know that any email that purports to be from "Chase Bank" is a fake because you don't talk to Chase Bank via email. (You know, there are still a few people in this country who do not have even one email account!)

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Copying Is Not Theft
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.