Brendan O’Donovan, in a letter to this week’s Guardian Online supplement, makes an excellent suggestion about how banks might deal with the 4% of their online customers who fall for phishing scams [1] and give their banking details to the phisher’s website.
His idea is simple. The banks themselves should send out phishing emails to their online customers and record who responds. Brendan merely says that the banks could then lock out and educate such customers, but I’d like to take it further. I’d like to suggest that when a ‘victim’ next tries to log on to their account they are presented with a screen saying: “Sorry, but we’ve suspended access to your account because you appear to be a complete idiot.”
[1] A phishing scam is one of those emails you receive which claims to come from your bank and tries to present you with a plausible reason why you need to log on to your bank’s website to re-enter your details, details such as your user id and password.
Helpfully, the email will provide a link which you can click on to take you to your bank’s website. Except that, of course, it does no such thing. The link takes you to the scam’s website, which is set up to look just like your bank’s. The rest of the scam should be obvious. If it isn’t, then perhaps you’re not ready to use online banking [2].
Posted 25 November 2004, 18:35 GMT