Security Fails When Banks Try To Resemble Scammers

from the imitation-is-the-sincerest-form-of-flattery dept

We've discussed the threat to ATM security whereby a false front is attached to the machine, allowing attackers to scan a customer's card when they try to make a transaction. One solution is to warn customers about suspicious attachments to the machines, so that they'll know not to swipe their card when they see one. However, any effort to warn customers is undermined when banks attach their own devices to the machine that look just like illicit scanners. One security expert recently came upon an ATM in the UK that had an anti-scanning device attached to the slot so sloppily soldered on that he went to a different machine. This is similar to another mistake that banks make, sending out emails that look exactly like phishing scams. The goal of many scams is to trick people into giving away information to what appears to be a trusted party. But when institutions' tactics so closely mimic the scammers, consumers don't know who to trust.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    anonymous Coward, 30 Mar 2006 @ 11:08am

    Any type business today has to be on their best behaviour, and show good business pratices in all areas of their business. When they get sloppy they are telling their customers "They don't care". I am sure that many people walked away from that ATM machine. I would of too. Don't they get a small percentage when a transaction is made at the ATM? If so, soon they will see a decline. If not I would bring it up to the manager. I have pointed out things like this to managers in the past. None of them got mad or nothing, and the problem was corrected. In todays age Security is taken more seriously, so tell the manager, it's their job to sort it out. You job is to help our security to be better than it is. If you don't like that type attitude, then you was born in the wrong Century, and I feel sorry for you. NOT!

    link to this | view in thread ]

  2. identicon
    Scammed, 30 Mar 2006 @ 2:44pm

    Scammed

    I got scammed by the bank, I went to buy gas for $30 and they pulled $75 overdrawing my account and I had to pay about $200 in fees.


    this bank is called Washington Mutual.

    DO NOT USE THEM!!

    link to this | view in thread ]

  3. identicon
    Adam, 30 Mar 2006 @ 4:18pm

    Re: Scammed

    You had to pay? Switch banks. No goddamn way a bank makes a mistake and charges me for it. Not without reimbursing me, with lots of interest and possible damages.

    link to this | view in thread ]

  4. identicon
    just think, 30 Mar 2006 @ 6:09pm

    Re: Scammed

    its a common practice for the gas station to pull out 75 dollars to cover your gas then to return the amount that you dont actually use
    there have been several news stories about people then getting charged by the bank because of the gas station "blocking" off that money until the station turns in their paperwork.
    What gas station did you use ? thats the real question


    Now on to the bank looking like phishing scams.... just dont answer emails from banks
    If people let the bank know it looks like a phishing scam when its from the bank then they might change the way they send out stuff

    link to this | view in thread ]

  5. identicon
    Celes, 31 Mar 2006 @ 7:05am

    Re: Re: Scammed

    Unfortunately, it wasn't the bank's mistake. When you give your card for a transaction which will cost an unknown amount of money (like a gas station, because they don't know how much gas or what grade you're going to put in), the company checks to make sure you have enough funds in your account to handle a reasonably large transaction. So a gas station might authorize your card as though you were filling up a Hummer. The bank only holds that amount from your account until the transaction is completed and the extra authorization is released (which could take a few business days).

    If you don't want these authorizations tying up your funds, the best bet is to use a credit card. As far as I know, although authorizations are held from your available credit, you won't incur an over-limit fee unless the amount is actually charged to your card.

    That said, back to the main topic. Legitimate companies should learn not to ask for account information from an email. If they must, at least tell everyone to call a customer service number that they can verify, like from their credit card or bank statement, or to go to their main website (without providing the link). The whole point of a scam email is to look legitimate, so legitimate companies shouldn't be surprised when they're not getting the information that they need because customers would rather play it safe than risk getting fooled.

    link to this | view in thread ]

  6. identicon
    Happy Customer, 2 Apr 2006 @ 5:05pm

    Re: Scammed

    >this bank is called Washington Mutual.

    >DO NOT USE THEM!!

    Are you serious? WaMu is the only bank I have ever used that has NOT tried to scam and cheat me. In every dealing they have been Scrupulously honest.

    I can only assume that either it was a legitimate error and you did not even try to call them and fix it, or that is somehow your fault.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.