
Striata eBilling Insight Newsletter
EB NEWSFLASH #97
7 December 2010

It is becoming more evident that the 'PULL' model of eStatements is a prime target for phishing. Conditioning customers to click on a link and log in to view their bank statement piques the interest of phishers, who then replicate the process but with dodgy links to pseudo sites that capture login details and empty out bank accounts.

In this edition of eBilling Insight we investigate how easily your customers can be caught in a phishing scam as well as give advice on how you can structure your eStatement process to prevent this from happening.


A phishing email masquerading as a bank's eStatement alert - would you know the difference?

A case in point. Recently an HSBC eStatement alert was replicated by phishers. It looked exactly as one would expect an eStatement notification to look; the logo was in the right place and the images as well as links were directed to the HSBC site. The exception was the "Proceed to the HSBC website" link which went to a compromised website housing a man-in-the-middle phishing exploit.

Customers wouldn't have thought twice about clicking on the link and entering their login details, which would then have been captured by the phishers.
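The tell in the case above is a single reference that leaves the bank's own domain while everything else points at it. The following check is an added example, not part of the original newsletter or Striata's product; `bank.example` and `compromised.example` are constructed placeholder domains and the HTML is a constructed sample.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _RefCollector(HTMLParser):
    """Collects [kind, url, anchor_text] for every <a href> and <img src>."""
    def __init__(self):
        super().__init__()
        self.refs = []
        self._open = None  # index of the <a> whose visible text is being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.refs.append(["link", attrs["href"], ""])
            self._open = len(self.refs) - 1
        elif tag == "img" and attrs.get("src"):
            self.refs.append(["image", attrs["src"], ""])

    def handle_data(self, data):
        if self._open is not None:
            self.refs[self._open][2] += data

    def handle_endtag(self, tag):
        if tag == "a":
            self._open = None

def _is_trusted(host, trusted):
    # Exact match or a true subdomain; "bank.example.evil.example" does not qualify.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)

def off_brand_refs(html, trusted):
    """Return (kind, host, anchor_text) for each reference outside the trusted domains."""
    collector = _RefCollector()
    collector.feed(html)
    flagged = []
    for kind, url, text in collector.refs:
        host = urlsplit(url).hostname
        if host is None:  # relative URL, mailto:, etc. carries no host to judge
            continue
        if not _is_trusted(host, trusted):
            flagged.append((kind, host, " ".join(text.split())))
    return flagged

# Constructed sample: logo and one link on the bank's domain, one link elsewhere.
SAMPLE = """<img src="https://www.bank.example/logo.gif">
<p>Dear Customer, your eStatement is ready.</p>
<a href="https://www.bank.example/security">Security centre</a>
<a href="http://compromised.example/bank/login">Proceed to the Bank website</a>"""
```

A mail gateway or abuse desk can run this over inbound or reported messages that carry the bank's branding; any flagged entry is the link to investigate.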

The following statistics were extracted from the latest APWG Global Phishing Survey (October 2010):

"Millions of phishing URLs were reported in the 1st half of 2010, but the number of unique phishing attacks and domain names used to host them was much smaller. The 1st half 2010 data set yields the following statistics:
  • There were at least 48,244 phishing attacks. This is down significantly from the record 126,697 observed in 2nd half 2009, and the fewest in any period since the 1st half 2008. The decrease in attacks was due to reduced activity by the Avalanche phishing gang.
  • The attacks occurred on 28,646 unique domain names. This is virtually unchanged from the 28,775 seen in 2nd half 2009, and down from the 30,131 observed in 1st half 2009. The number of domain names in the world grew from 168 million in mid-2008 to 192 in late 2009 to 196 million in May 2010"
As indicated in our Industry Trends graph, the total number of phishing attacks is declining. However, this does not negate the fact that phishers are getting smarter and producing emails that are almost indistinguishable from the authentic version.

To prevent phishing, customer protection must be maximized

Emails should be digitally signed, come from SPF and DKIM protected domains and have personalization such as your full name and the display of partial customer data on the face of the email. This assures customers that the sender knows who they are sending the email to.

Security is a key factor for both the sender and recipient; here is more information on these protection devices.
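On the receiving side, the protections listed above can be checked mechanically. This is an added example, not code from the newsletter or from Striata; the domains, the authserv-id `mx.recipient.example`, the customer name and the account digits are constructed, and domain alignment is simplified (no Public Suffix List).

```python
import re
from email import message_from_string
from email.utils import parseaddr

PASS = re.compile(r"(spf|dkim)=pass\b.*?(?:smtp\.mailfrom|header\.d)=(?:[^\s@;]+@)?([\w.-]+)")

def _aligned(a, b):
    # Simplified relaxed alignment: same domain, or one is a subdomain of the other.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def check_protections(raw, authserv_id, full_name, account_tail):
    """Report which of the protections named above a received message shows."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = {"spf": False, "dkim": False}
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = " ".join(header.split()).partition(";")
        if server.strip().lower() != authserv_id:
            continue  # anyone can add this header; trust only our own receiver's
        for part in results.split(";"):
            m = PASS.match(part.strip())
            if m and from_domain and _aligned(from_domain, m.group(2).lower()):
                found[m.group(1)] = True
    text = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if p.get_content_type() == "text/plain")
    return {
        **found,
        # Presence of an S/MIME wrapper only; the signature itself is not verified here.
        "smime_present": msg.get_content_type() == "multipart/signed",
        "personalised": full_name in text and account_tail in text,
    }

# Constructed sample message (signature bytes omitted).
GENUINE = """\
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=statements.bank.example; dkim=pass header.d=bank.example
From: Bank Statements <estatements@bank.example>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; boundary="b1"

--b1
Content-Type: text/plain

Dear Jane Doe, your statement for account ending 4321 is attached.
--b1
Content-Type: application/pkcs7-signature

(signature omitted in this constructed sample)
--b1--
"""
SPOOFED = GENUINE.replace("mx.recipient.example;", "mx.attacker.example;")  # results not stamped by us
```

For `SPOOFED`, the SPF and DKIM claims are ignored because the results header was not written by the recipient's own mail server, which is why the authserv-id comparison matters.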

The obvious solution is email delivery

Emailing the customer a Secure PDF eStatement each month is a much simpler and safer option. There is no website to visit, no links to click on, no registration and this option is available to everyone that has an email address (estimated at 84% of economically active customers in the UK).

Across the globe, some of the biggest banking brands have already seen the light and are 'pushing' eStatements to their customers; we think it's just a matter of time until the whole market follows suit.

See if you can guess who's next in our latest poll: Which UK bank will be 'pushing' eStatements to their customers in 2011?

ANNOUNCEMENT
Striata will be presenting a live demo of our new Interactive PDF eBill at FinovateEurope in Feb 2011. Interested in attending? Visit www.finovateeurope.com and enter Striata10 as the discount code to receive a 10% discount off your ticket.
INDUSTRY TRENDS
Phishing domain names and attacks
SOLUTIONS & SERVICES
» An encrypted email bill / statement is unphishable

The entire content of the bill or statement is delivered in the email package, which is the primary reason why such a 'delivery' mechanism is not susceptible to phishing.


Read more to find out how Striata's 'Push' email is further protected against phishing & fraud

CONTACT US
N. America: +1 88 88 USAPAY
Europe: +44 207 268 3941
Asia Pacific: +852 2159 9450


Web: www.striata.com
About Striata
Striata revolutionises the way bills, statements, policies, collection notices, letters, payslips and other high volume system-generated documents are delivered and paid.