Banks, phishers, and spam email (A Poll)

When I get spam email from people claiming to be banks I’ve never done business with, I usually delete 'em after sending a FWD to my ISP’s spam department. Sometimes, though, if I’m bored, or particularly motivated, I’ll look up the website of the bank involved, and see if I can find their abuse or security email address to send a copy of the email to them, too.

Most of the banks for whom I get such phishing emails will have, on the front page of their websites, a link for that email address, since phishing is a pretty common problem.

For the first time, today, I got an email claiming to be from a bank which, when I investigated, had no simple or easy to find email address. And it surprised me. I thought it had become a common practice.

So the questions I’d like to get posters to respond to would be:

  1. Do you forward phishing emails to the institution that is affected by the phishing?

  2. Do you agree with my impression that most banks have their fraud email address linked on their front page?

  3. Would you feel the lack of that easy-to-find link indicates a certain lack of concern on the part of the bank involved, enough to make you reluctant to do business with them?

  1. I don’t remember ever having gotten a bank phishing e-mail. If I did, it was at work (an e-mail address I never use for personal purposes). I deleted it and didn’t report it.

  2. I looked here (looked at maybe the top 15) and found that it seems to depend on the type of bank. There were a couple of banks that seemed to focus on corporate or investment clients that seemed to be the ones that placed less emphasis on fraud alert. The rest of them either had a prominent link about fraud (presumably with a contact link) or at least had something labeled privacy or security that allowed visitors to report fraud.

  3. Not necessarily; might just indicate less of a focus on the internet, although that seems unlikely if they want to survive.

GT

I’ve forwarded a phisher once; normally I just delete them.

I don’t really look at bank sites - they depress me - flashy and foolish coding.

As a programmer I am extremely wary of online banking. I could easily write a key logger; I’ve implemented SetWindowsHookEx before, and it would be dead easy to fool a firewall into letting out logged info.

Virus protectors are not much use if they don’t know about the virus.

The only thing that I’ve seen that looks slightly safe is a key ring given out by a UK bank to business clients. It contains a chip that displays about eight changing numbers on an LCD. I presume that inside it there is a clock and a sequence generator that is individually seeded.

I’ve no faith in the ability of banks to guard against such fraud and expect it to become a very serious problem.

I’d sure like to be able to delete the phishers too, in addition to their phishing e-mails!

In addition to writing the key logger you have to get it onto the victim’s system. That is the hard part (note that I did not say impossible and I didn’t even say extremely hard; I just said hard). Leaking information is why something like ZoneAlarm or the other firewalls that control activity of individual programs rather than just ports should be on everyone’s computer. You’re right; AV programs are not much use if they don’t know about a virus (but they still are of some use under the circumstances if you have heuristic scanning turned on) but faithfully keeping them up to date only leaves very small intervals of time when you can be nailed by a new virus.

I too am a programmer, and I DO use Internet banking as well as various other Internet services. Yes, there is a chance of fraud with Internet banking. However, there is also a chance of shoulder-surfing with bank machines, card skimming with debit cards, people going through your garbage looking for account numbers (if you shred, does your shredder cut in long strips that someone could piece back together?), telephone fraud and other forms of “social engineering”, etc. etc. etc. My solution is simply to be careful and to keep an extremely close eye on my bank and credit card accounts (which is one advantage of Internet banking - I can check my accounts every day if my little heart desires).

1) Do you forward phishing emails to the institution that is affected by the phishing?
Yes.

2) Do you agree with my impression that most banks have their fraud email address linked on their front page?
Most, but for some it’s under their Customer Assistance pages.

3) Would you feel the lack of that easy-to-find link indicates a certain lack of concern on the part of the bank involved, enough to make you reluctant to do business with them?
I agree in terms of “easy to find,” but not “front page.”

I get about 50 of these a week, so no, I don’t forward them, just delete.

  1. I don’t bother forwarding them. There’s nothing the bank can do anyway.

  2. I always just send stuff to abuse@whatever.com

  3. I’m not too concerned. I know how to tell a valid site from a phake one, and I stay aware of possible security breaches. And, I don’t think that forwarded phishing emails actually help the bank increase security.

Going through garbage is called Bin Diving in the UK.

You and I are probably fairly safe. My last run-in with VISA was some time ago, but they backed off fast when they realized that I knew my stuff.

Straight ID impersonation was around in 1981, nowadays it is easier.

Even so, the majority of internet users are fully qualified morons.

I foresee chaos.

You’re being far too generous.

Thanks for the responses, all.