« links for 2007-01-25 | Main | Holy Kos Barack (man), Hillary Clinton Has Some Mojo »

Phishing Where The Financial Fish Are

When are financial services companies finally going to wake up and realize that one of the best tools they have to combating terrible phishers is secure RSS feeds.  Take this recent phish email I received from a company posing as PayPal and you decide for yourself whether you would have fallen into this trap.  I'll go through what tipped me off so you can learn from this.  Please look, this is serious and is less about your PayPal account and more to do with getting your password.  Most people use the same password for all of their accounts so now that these evil phishers have a password, they can try logging into your, say, Bank of America account or other checking account.   How about getting enough information on you for identity theft?  All from an email link.Phish_email_2 Think about that.

  1. Email address is phishy because it says [email protected]
  2. Subject line says Please Restore Your Account Access even though I haven't tried to login in a while.
  3. In the body of the email they request information from me which most companies never ask for.
  4. They wrote that my account has limited access but never explained what that means
  5. Case ID #'s look very odd
  6. Finally and this WAS THE BIG TIP OFF - the links to logging in were not just links that took me to logging in but the embedded URL has my email address pre-populated in it plus other code.  See the screen shot below.  This is very, very evil.

Phish_url_2


I logged into my account, but not via the phishy email link, and behold, full access and no error message.  I sent the email to PayPal who confirmed it was a phish. 

Now, back to the start of this post.  Why doesn't PayPal get it?  Obviously by all of the fraud messages on their site, they know they are under attack.  Why don't they just force EVERYONE TO OPT INTO A SECURE RSS FEED  like the ones available from SimpleFeed?  Besides having the unique format of RSS feeds that make them phish-proof (you opt in and they send you an URL to view content), SimpleFeed can also send it password protected too. 

Every financial institution should provide secure RSS feeds for customer communications.  Otherwise, sadly, they'll probably be forced by a governing body like the NASD to only send emails with no links in it - moving the financial services industry back to brochure ware.  Come on people wake UP.

PardonMyFrench,

Eric

Eric Frenchman founded PardonMyFrench in 2005. PardonMyFrench is a small boutique digital agency that helps clients of all sizes and in all industries. Whether you are a small local business trying to drive store traffic or a large business, PardonMyFrench can deliver results for you – regardless of spend. We specialize in Google, Facebook, Twitter, Bing, as well as taking the time to explain and work closely with our clients.

on January 25, 2007 in Financial Services Marketing, RSS Feeds |

Tags: ebay, financial services, pardonmyfrench, paypal, phishing, rss feeds, simplefeed

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.

Subscribe

* indicates required

Stuff

  • Eric Is AdWords Qualified

Search

Categories

Archives

More...