Sophos, a world leader in integrated threat management
solutions, is urging caution over recent statements that banks should
stop emailing customers to avoid providing more temptation for
phishers. According to media reports from ZDNet, the call to
action, made by a security expert at Dimension Data, is in response
to a recent legitimate Citibank email that customers mistakenly
took for a phishing scam. Sophos says that instead of halting
useful email communications, banks should ensure they are taking
proper security measures and are consistent with their messaging so
customers can easily distinguish between official emails and
phishing attacks.
The email in question described a new sign-on procedure that
guaranteed customers even more security. Customers were asked to
update their log-ins by going to Citibank's web site and entering
their ATM number, PIN and account number, all well-known signs of a
phishing scam. Citibank's request contradicted itself with a
warning written at the bottom of the message stating that the bank
would never ask customers for such information via email.
"58 percent of business PC users receive at least one phishing
email each day, while, alarmingly, 22 percent receive more than
five a day, according to a recent web poll conducted by Sophos,"
said Ron O'Brien, Sophos's senior security analyst. "Those numbers, combined with
today's more strategically targeted attacks, leave little room for
error. If financial institutions have proper network security in
place and are consistent in their messaging, customers will not
have to guess whether they are dealing with a phishing attack."
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.