On Tue, 28 Nov 2006, Larry Seltzer wrote: > >>People should be told that all emails purporting to come from banks > are to be ignored, and then banks have to find another way to > communicate with their customers. > > >>My bank uses bits of paper. > > We (PCMag) tell them if they get an e-mail from a vendor or a bank or > whatever and they're curious about it to go to the site through their
Not good enough. You're putting the burden on the user - you're expecting her to be curious about it, and why should she? > normal bookmark or by typying in the URL and to check their account on > the site that way. That's good advice. Do you also tell them, if that doesn't reveal a problem, that they shouldn't then click on the link in the email? Or do you regard that as too obvious to mention? > The e-mails Paul sends are sort of lame, but the only link in them goes > to www.chase.com and I don't see how they could be used in a scam. It > sounds like the user needs a new activation code; if they go to the site > they will be prompted for it. You might be able to ascertain that with 99% certainty, but Aunty Gi can't. She should tell her bank that all communications with her should be on paper. The problem is, the banks aren't sophisticated enough to use computers to communicate with their customers. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
