Gone Phishing

Published On January 21, 2014 | By Joseph (Ken) | Business, World


I just got the following email in my mailbox:

Our Customer,

You have (1) Unread Secured Message !

Sign-In-eBanking

Thank you for helping us to protect you.
RBC Royal Bank Online

So for today’s article I thought I’d comment on Phishing.

Phishing is “the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.”

Phishing gets its name from “fishing”. The trick in fishing is choosing the right bait.

In the email above, the “bait” plays on the fear of identity theft with “helping us to protect you” and on curiosity with the “unread secured message”.

The point is to create fear, drawing the recipient in BEFORE common sense kicks in. I have tweaked it a little to give a more common example:

Dear Customer,

It has come to our attention that your account may have been compromised.

As such we have put a hold on your account until you are able to verify the activity on the account.

Please click on the following link to login and confirm your account activity: Sign-In-eBanking

It is important that you never share personal information. 

Thank you for helping us to protect you.

RBC Royal Bank Online

In my example the link is hidden, so you are unaware that it does not lead to a valid RBC website. That hidden destination is an important part of phishing, since some of the more sophisticated phishing campaigns use websites that are exact duplicates of the real one. An easy way to check is to hover your mouse over the hyperlink and look at the actual address before clicking.
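The hover check above can be automated for a whole message. The script below is an added example, not something from the original post or from any bank: it pulls every link out of an HTML email body and flags anchors whose real destination does not belong to the domain the mail claims to come from, or whose visible text looks like one web address while the href points somewhere else. The email body and every hostname in it are constructed placeholders (`bank.example`, `login-verify.invalid`, `203.0.113.5`), and `expected_domain` is an assumed input the caller supplies, such as the domain of the sender the message purports to be from.

```python
"""Flag anchors in an HTML email whose real destination does not match
what the reader sees. Added illustration; every hostname below is a
constructed placeholder, not a real site."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Gather (href, visible text) pairs for every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # collapse whitespace inside the link text
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None


def registrable_domain(host):
    """Crude last-two-labels approximation of the registrable domain.
    A production filter would consult the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def host_of(url_like):
    """Hostname of an absolute URL, or of bare text such as www.bank.example/x."""
    if "://" not in url_like:
        url_like = "http://" + url_like
    return (urlparse(url_like).hostname or "").lower()


def suspicious_links(html_body, expected_domain):
    """Return one finding per anchor that fails either check:
    1. the href host is not under the domain the mail claims to be from;
    2. the visible text looks like a URL but its host differs from the href's."""
    parser = LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        reasons = []
        actual_host = host_of(href)
        if registrable_domain(actual_host) != expected_domain.lower():
            reasons.append(f"destination {actual_host!r} is not under {expected_domain}")
        looks_like_url = "." in text and " " not in text
        if looks_like_url and host_of(text) != actual_host:
            reasons.append(f"shown as {text!r} but points to {actual_host!r}")
        if reasons:
            findings.append({"text": text, "href": href, "reasons": reasons})
    return findings


# Constructed sample body modelled on the message quoted in the post.
SAMPLE_EMAIL = """<p>You have (1) Unread Secured Message!</p>
<p><a href="http://bank.example.login-verify.invalid/ebanking">Sign-In-eBanking</a></p>
<p><a href="http://203.0.113.5/secure">https://www.bank.example/secure</a></p>
<p>Help: <a href="https://www.bank.example/help">https://www.bank.example/help</a></p>
"""

if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE_EMAIL, "bank.example"):
        print(finding["text"], "->", finding["href"])
        for reason in finding["reasons"]:
            print("   ", reason)
```

Run against the sample, the first two links are reported (the second for both reasons, because its visible text is itself a bank-looking address) and the genuine help link passes. The domain comparison is deliberately simple; the point is that the decision rests on the href, never on the link text the sender chose to display.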

The following article reflects upon the issue of phishing and how Target’s actions, in response to its security breach, can create even bigger problems.

Target breach notifications are a perfect example of what not to do

Hopefully your company will never be the victim of a massive data breach. If it is, though, and customer data is compromised, make sure you don’t follow Target’s lead when it comes to notifying customers. Target’s customer notification efforts are wrong on almost every level.

“Customers are conditioned to not click on links in email messages. In the wake of a massive data breach like Target experienced, phishing scams often try to exploit the heightened awareness by sending out emails that look very legitimate.

“Security experts warn users to specifically avoid such emails following a data breach, and remind users that a legitimate, reputable company would not send you an email and ask you to click on a link.

“Apparently, Target did not get that memo.”


About The Author

Joseph (Ken)
(Ken) is a Registered Public Accountant with over 25 years of public practice experience in the accounting profession. Ken specializes in accounting information systems, taxation and financial reporting.
