Monday, May 15, 2006

Phishing

I am incredibly busy today, with two hours to go until I need to leave to catch a train and a mountain of work that even thinking about is giving me vertigo.

But I am so enraged and utterly disgusted that I needed to vent to gain any remnant of productivity from my time left.

On Friday I received a phishing email to my work email account, which I never give out to anyone other than work colleagues and that I only receive work emails to (with the exception of the inevitable 'Friday Forward' from a client that shows their true colours).

The content read as follows:



While, helpfully, Thunderbird pointed out that this may be a piece of spam, I was one step ahead.

The reason?

I don't actually have an HSBC account.

Having only once received a phishing email before, that was so painfully blatant I was tempted to write back to them with a list of corrections and mistakes highlighted in red, I found this example quite intriguing.

The link, claiming to be to some obscure folder location on the HSBC account, linked to some totally unrelated IP address (obviously). But other than that (and obviously that banks state over and over again that they never ever require you to enter your login details online in full at any time) to the inexperienced user the email will have looked pretty convincing.

I sighed, wondering what had become of yet another exploited channel of human trust and deleted this email.

Then, today, I received another, this time from Barclays:


I am terrible at filling out forms, returning slips, doing anything, really, that I don't actually have to do involving stamps, tick boxes, post offices and 'free prize draws' (I wonder how many iPods I really could have won by now...). Customer service forms have sat on my desk untouched for months until I finally realised that, yes, I am that hopeless and that poor man from Admiral (yes, I really am sorry, your customer service was outstanding and you were really very nice, but I can't remember your name and I don't have a stamp...) will never receive his acclaim.

Of course I ignore junk mail, but letter after letter from my university, for example, asking me about my career development have been binned (partly because I couldn't quite get the courage to put my job title down in print, I like maintaining an air of mystery regarding my career, to my conscious at least, it's just a matter of convincing yourself of a non-truth...).

But I was incensed. I was a woman possessed. I was not going to let this pass. For once, I was going to do a good deed for my fellow online banker. Without my online bank facility I would have to trudge to my branch on a weekly basis (as I play ping-pong with my tax account and my current account) and even more so in the days leading up to pay-day. I was determined that I would help fight the good fight against these evil bastards that were attempting to exploit my fellow user.

So I scoured Barclays' website for some way of recording this email. Nothing was immediately obvious so I gave the first number a call.

Why they needed my name I don't know, but I humoured them, I was, after all, feeling generous and helpful. I explained the situation, sure my helpful assistant would be all too willing to divulge an email address for me to report this crime to.

After a few ummms and ahhhs and oooohs her advice was: pop into my local branch and give it to them.

Right.

Because, of course, I've that much time.

I wanted to point out that I wasn't doing this for fun, I wasn't the sort of person who spent their afternoons writing to Points of View and peeking out of the curtain at their next door neighbours then reporting their antics to all who would listen. I was doing a good deed, but let's not push it, I'm not a saint.

I did attempt to explain this, in a slightly more 'flowery' way. But that was all I was going to get out of her. I eventually found a spam email reporter embedded in the site but it wasn't easy.

Next, I thought, as I was on a very poor roll, I'd give HSBC the same generous treatment, as I didn't want to instill favouritism.

HSBC, to their credit, have a wealth of information on internet security on their website. But an email address to report such breaches?

Nope. Not a sausage. I ended up ringing the head office in London.

The Asian gentleman on the other end of the line at least has a spiel. Which he repeated again and again. That I was not to open the email, that I was not to put in my details (I interjected, fighting against his waffle, on several occasions that I was NOT an HSBC customer and had no details to put in but that wasn't going to stop him in full flow). I asked if there was an email address I could send it to. No. I wasn't allowed in case I passed on a virus. Nice. He said they'd already be aware of this, I argued that this may be a new case of phishing but, alas, my cries were met with a brick wall of words from someone who clearly had no idea what he was talking about. His closing phrase was that I should install anti virus software and a firewall.

Because, of course, I'm only a web designer with a boyfriend who was a former ICT officer and, oh god, I didn't think of doing that.

So I got off the phone in nothing less than a rage. Not at the phishers, but at the complete incompetence of those trying to prevent such breaches of security and protect their loyal customers. I was treated, in my view, appallingly, and thus I will not be banking with them in the foreseeable future (I'd like to say forever but I'm a little weak and their mortgage interest rates may be favourable in a few years). This is no real loss to them, as I have a substantial overdraft that I will, on occasions, make good use of and a poorly looking sum in my savings account. But if I had a customer service form here right now it would be going in the post today with a first class stamp and all the 'totally unsatisfied' boxes angrily ticked.

I was totally shocked at the way I was dealt with and the complete lack of understanding that these people had. I have not yet received such spam 'from' my own bank, and can only hope when I report it I will be treated a little better.

I apologise greatly to all those users who may have been scammed by such emails (I have included the screenshots to hopefully prevent someone somewhere from accidentally clicking on a link that will result in a financial loss, and trust me, it can happen to the most net-savvy of us on an off day, or even in a momentary lack of concentration). I tried.

Now I am considerably behind on my work and will thus have to work on the train instead of writing to my boyfriend, which I apologise in advance for.

Right, rant over. Rollovers to attend to.
