Sophos, a world leader in integrated risk management systems, stresses carefulness in recent declarations that banks should end emailing customers to avoid providing more attraction for phishers. The call to action, made by a security expert at Dimension Data, is in reply to a new legitimate Citibank email that consumers incorrectly took for a phishing scam.
Sophos says that instead of stopping useful email communications, banks should ensure they are implementing appropriate security procedures and are consistent with their messaging so clients can easily differentiate between official emails and phishing attacks.
The email in question described a new sign-on procedure that guaranteed customers even more security. Customers were asked to update their log-ins by going to Citibank's web site, and entering their ATM number, pin and account number...all well-known signs of a phishing scam. Citibank's request contradicted itself with a warning written at the bottom of the message stating that the bank would never ask customers for such information via email.
"58 percent of business PC users receive at least one phishing email each day, while, alarmingly, 22 percent receive more than five a day, according to a recent web poll conducted by Sophos," said Ron O'Brien, Sophos's senior security analyst. "Those numbers, combined with today's more strategically targeted attacks, leave little room for error. If financial institutions have proper network security in place and are consistent in their messaging, customers will not have to guess whether they are dealing with a phishing attack."
