The really scary thing about phishing is that it's often indistinguishable from the genuine, but stupid, behaviour of the banks.
I often receive phone calls from banks without caller-id at all; their number is withheld. And yet they expect me to trust them, and to authenticate myself by providing 'secret' information.
This kind of behaviour from the banks, along with the fact that they habitually send email without PGP signatures, is actively encouraging naïve customers to submit to phishing attempts — because they just can't tell what's genuine and what isn't.
The regulatory authorities should deal with this, and force the banks to apply some clue to their own outgoing communications. Or failing that, perhaps some criminal prosecutions for aiding and abetting the fraudsters?
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds