New York Times: Don’t Take This Bait (but You’re Safe if You Do)
The New York Times has an interesting story about the security of data online.
Law enforcement agencies that oversee computer security are well versed in the many permutations of “phishing,” the scam in which fraudsters try to lure people to a counterfeit replica of their bank’s Web site, for example, and have them part with their user names and passwords.
But even the professionally wary can be gulled — or close to it. Just ask Robert S. Mueller III, the director of the Federal Bureau of Investigation.
Mr. Mueller recently received an e-mail message that seemed to be from his bank. He clicked on the link and began to follow the instructions to “verify” his account information. Before completing the procedure, however, he realized that he had been led to a counterfeit site — so he left.
It’s the aftermath that is of most interest. After Mr. Mueller told his wife about his close call, he said she drew this conclusion from the experience: simply having online access to bank accounts is unacceptably risky. [...]
The F.B.I. director related the story in a speech to the Commonwealth Club of California in October. “Too little attention has been paid to cyber threats — and their consequences,” Mr. Mueller said that day. [...]
I’m not convinced, however, that online banking carries the high risk that Mr. Mueller implies. I know that as ordinary computer users, we are offered unlimited bait from phishers. But I’m not particularly worried: I’m not on the hook for losses from fraud — my bank is.
I could not find any online financial service — and I checked brokerage firms as well as banks — that stops short of promising to make a victimized customer whole. [...]
“Zero liability is now an industry standard,” said Doug Johnson, vice president for risk management at the American Bankers Association. Restitution is full, and customers do not even have the $50 of exposure that credit card holders risk from unauthorized use of their cards.
Possibly related posts: