> It's not how smart you are, it's your critical thinking skills,

While critical thinking is important and admirable, I can't agree that this is the core of the problem. The core of the problem is that internet banking was foisted on us by banks to shave a few more pennies from their costs by sacking more tellers. It is badly thought out, badly implemented, and built on a half-baked infrastructure.

The infrastructure at present is so rickety that there are sites were it is really, really difficult, even for an expert, to be sure. The amount of effort in fact is so great that if you are really doing it properly, it would be much MORE convenient to walk a few blocks to the local branch and stand in line for a while.

And both the sophistication and intensity of phishing is rapidly increasing. For example, we have as yet seen only small scale use of DNS poisoning. When it becomes more common, the old standby advice of "never use a URL from email, login to the site's main page by typing in the URL" will no longer work. We can then expect the rate of victimisation to rise from the already shocking current level of 3% to perhaps 10 times that, which is a level sufficient to cause an economy to collapse.

Before that happens, we need to get the message out: in its current form, internet banking (often) is NOT safe. Refuse to use it until the banks get their house in order.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/176/875#875