Solution To Phishing: Ignore All Requests For Info

from the email's-dead-for-info-requests dept

As people are trying to come up with a "solution" to the phishing problem, it appears some people have come up with a perfectly workable solution: don't respond to any email asking for personal info, no matter how legitimate it looks. Part of the problem is that the phishing scams are very, very realistic looking. However, a bigger part of the problem is that banks and other companies don't take the threat seriously. Thus, they end up sending out mail that looks just like the mail phishers send. Because they still send out emails like this, they're effectively killing email as a channel of reasonable communication about account info. People are simply going to default to ignoring everything, just in case it's a scam.


Reader Comments

  • jim, 17 Nov 2004 @ 10:33am

    phishing

    I received a genuine email from one of the issuing banks that I called and determined from them to be legitimate. It looked exactly like all the phishing ads, and I told them it was stupid to send me anything like that and then expect me to reject the fake ones. I figure I am a bit smarter than most and certainly more suspicious, and wondered what a less informed user might make of it and respond to the wrong one.

    I told them one thing they should do is send out all emails with HTML and with only text links. If everyone saw the exact URL, and could not be fooled by highlighted URLs that were different from their links, then that would cripple one method the phishing people use. The URL that is highlighted (usually blue) says one thing and the actual link is something like "http://65.whatever/" off in North Korea, or Nigeria.

    They said that I could tell because it had their logo and some of my personal info in it that the phish ads would not.

    I pointed out if someone had obtained that I had one of their cards, they could send out phish ads with 99% of what they had in their ad (only need to get my email address, and send me a phish email with each of about 10 or 15 major credit card issuers, and they are bound to hit the one I have).

    Jim


  • Paul, 17 Nov 2004 @ 11:29am

    There is a solution

    The key is for banks to start using private email networks to communicate with their customers. This allows them to send authentic information to customers and to allow customers to interact with the institution in a safe and protected environment. One of the first networks doing this is Capango (http://www.capango.com). Look for more financial institutions to find their way to this as the only alternative that will allow them to electronically communicate with customers.

    • jim, 17 Nov 2004 @ 3:38pm

      Re: There is a solution

      I don't think I need someone other than going to the bank's web site and communicating with them there. I would object strongly to some third party getting involved.

      The only question I see is why does the bank need to send me an ordinary email telling me to look at the web site when I am perfectly capable of going there when I wish w/o that.

      As I said earlier if they want us to go to their portals or web sites, or programs that do direct banking, don't send a link integrated right into the thing to go to that site. And explain that no email will ever point to the portal, ever, you have to figure your own way out to get there.
      Then the phishing guys are out of business if someone is directed to a site that solicits their personal info.

      Your solution would still solve nothing if an innocent was directed to go check their capango account and were scammed out of the necessary info that way. Still screwed.

      • Paul, 18 Nov 2004 @ 12:41pm

        Re: There is a solution

        But if the customer and bank want two-way communication, then there needs to be a medium. Email is a medium that works, but the public email system ("@" email system) falls flat on its face.

        Banks may want to notify customers of any various items and they cannot just wait for the customer to visit the web site. Online banking, with approval processes, is a classic example.

        The private email network allows institutions to send information via a private email that cannot be spoofed. So the customer knows exactly what to look for in the private email. It is built-into the network system, not just an HTML tag in an SMTP email.

        And this goes well beyond just your bank. Think of insurance, loans, credit card, and so many other trusted institutions that want a two-way electronic communication channel. Don't give that up just because the first try at it (the public "@" email system) failed. We just need to evolve.

        • jim, 19 Nov 2004 @ 7:26pm

          Re: There is a solution

          Paul,
          I hear what you are saying. I think you overlook that you and I as obviously more serious computer users, or at least serious enough to come back to this thread in a timely fashion, tend to look at email and probably interesting web sites quickly. Probably 50% of those I help and mentor won't go to their email any faster than a bank web site, so the medium as you say is not the problem. People may evolve, but I say that they can go to the web sites with security better than they can rely on crap drifting into their inboxes, like the current email system.

          If you have to go to a web site, now you can get a secure connection that you initiate, and therefore can trust.

          I will resist for a long time anything that comes to my email inbox and I have to wave a wand over to verify.

          A system to do what you wish to have people do, and what I do by hand now, is not yet invented or thought of, or there would be another internet millionaire out there now.

          Looks like sendmail and yahoo are doing something, but I have not looked at it.

          I reject having a commercial entity, or to any of these pay to send schemes in my email system. We'll end up with the same crap we have with ATM's debit cards, and no security there, and it still will cost $$.

          Jim

  • Bawani, 9 May 2006 @ 8:06pm

    E-billing can solve phishing!!!!

    E-billing offers creditors the opportunity to send customized sales messages to recipients cost-effectively. Even messages sent to large segments of a utility company's database, for instance, can appear personalized for the recipient.

    Companies are able to use business rules to personalize every aspect of their communication. This includes highly targeted offers, rather than generic bill stuffers that no one ever reads.

    Companies can also conduct surveys [and] send out newsletters or service-change notifications.
