Wednesday, September 13, 2006

New Phishing Defenses May Confuse Customers

When users of Yahoo Mail sign in, they may be tempted to follow a link that says "Prevent Password Theft". This is a new process that Yahoo and other sites are using to help prevent phishing. Basically, phishing involves fraudsters sending spam with links to websites that look identical to trusted sites. These spam messages ask the recipient to follow the link and fill in the requested information. Someone gets hooked when they follow the link and unknowingly give the fraudster their SSN, passwords, or more. This new defense involves customizing your sign-in screen. The thinking is that if everyone customizes their sign-in screen, then phishers cannot duplicate the sign-in screen en masse.

The only problem with the Yahoo defense is that it only applies to the computer you are currently on. If you are at home, that is fine. However, with our public computers, it is not advisable for customers to implement this new defense as it will probably be erased when Clean Slate returns the computer to its original state.

Other defenses may not work the same way. My online banking site began utilizing a similar security measure; however, it is not localized to one computer. From the beginning, the bank asks you to create a "trust word". If you do not see that trust word on the sign-in screen, then you are not to sign in. However, to see the trust word, you have to answer a question that is taken from your profile (e.g., what are the last four digits of your SSN?). This initial question changes frequently.

So, if our customers ask us what on Earth is going on, you may be a little more prepared.
