Sophos

15 November 2006

Should banks stop mailing customers to avoid phishing concerns? Sophos comments

Proper security measures and consistent messaging help evade problem

Sophos, a world leader in integrated threat management solutions, urges caution over recent statements that banks should stop emailing customers to avoid providing more temptation for phishers. According to media reports from ZDNet, the call to action, made by a security expert at Dimension Data, is in response to a recent legitimate Citibank email that customers mistakenly took for a phishing scam. Sophos says that instead of halting useful email communications, banks should ensure they are taking proper security measures and are consistent with their messaging so customers can easily distinguish between official emails and phishing attacks.

The email in question described a new sign-on procedure that guaranteed customers even more security. Customers were asked to update their log-ins by going to Citibank’s web site and entering their ATM number, PIN and account number, all well-known signs of a phishing scam. Citibank’s request contradicted a warning at the bottom of the same message stating that the bank would never ask customers for such information via email.

“58 percent of business PC users receive at least one phishing email each day, while, alarmingly, 22 percent receive more than five a day, according to a recent web poll conducted by Sophos,” said Ron O’Brien, Sophos’s senior security analyst. “Those numbers, combined with today’s more strategically targeted attacks, leave little room for error. If financial institutions have proper network security in place and are consistent in their messaging, customers will not have to guess whether they are dealing with a phishing attack.”


About Sophos

Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
