Australia’s largest bank, the Commonwealth Bank, has been undergoing a series of phishing attacks that have gone from simple alerts of “banking errors”, through to chances of winning money, and now an attack that wants CommBank users to call a number and verify their details to a talking computer – but it’s all just a phishing scam!
Phishing scams targeting financial account holders, auction sites, social networking sites and other online accounts are nothing new, but the ferocity with which they are being thrown at account holders via spammed messages has only increased in both number and social engineering trickery.
Although cyber criminals are attacking all manner of financial and other online organisations and their users on a regular basis, there has been a series of phishing episodes against the CommBank in the past few months.
The initial phishing attacks against Commonwealth Bank customers took the usual route of pretending the bank had made some kind of error, and was proactively contacting users by email. A second lot took a more sinister turn, promising either money for time taken to update details, or the notification of an actual winning of prize money from the CommBank.
The third iteration of this latest phishing attack is much more sophisticated, giving users a phone number to call to interact with a computer system that talks to you.
Banks are now rolling out voice systems to help fight online crime, but cyber criminals are simply turning the same tactic back on users: they get you to dial a number, after which you hear a computer voice asking you to type your card details and PIN via your phone’s keypad.
Because phishing and other attacks continue growing in sophistication, seemingly faster than the banks and other financial institutions can keep up, we bank account holders are never too sure what our banks are doing.
This makes the account holder susceptible to being tricked, and this happens every time a bank does a major upgrade of their online banking or even phone banking services.
It’s not as if the Commonwealth Bank doesn’t look like it’s trying hard to keep its customers protected, because it recommends its users download the latest AV packages (including some specific AV vendor packages), update browsers and switch on firewalls.
Unfortunately, this is only part of the equation that banks need to address if they are serious about giving the customer more tools to protect themselves from phishing attacks.
Gartner said in a banking report in May last year that “banks needed to work to prevent malware on customer desktops from stealing sensitive information, not just preventing brand damaging phishing attacks”.
Banks around the world and some in Australia are taking action on the Gartner report and have moved into the ‘now reality’ of the cyber security situation.
However, as a customer of a bank I want this solution to complement my choice of AV, as I do not want them to tell me what AV I must have. Naturally, I want to use my usual browser – not one dictated by the bank – and for goodness’ sake, no browser plug-ins, please!
Most importantly I do not want a solution that removes any applications I have on my computer.
There are solutions out there that will protect against the email based phishing attacks. One notable one is an Australian product called TrustDefender, which all banks, Australian or otherwise, would do well to look at.
No security software is able to stop the user from ringing a phone number – that requires a bit of nous, which unfortunately plenty of users lack.
I know the Commonwealth Bank is actively claiming at the moment that it is “different”, partly based on a campaign that the people at the bank will talk to you in plain, easy to understand terms.
Improvements to in-branch service, and a commitment to speak plainly and clearly, are all well and good, and should have been the standard all along, but when so much banking is now done online, why doesn’t the Commonwealth Bank actually DO something “different” for its online customers in the security area?
It would actually make a real difference right now for customers, the bank, and everyone’s money, and for online banking customers, a true difference worth having.
David Bass