Tuesday, 5 April 2011

Kiwibank security message

I have just got an email claiming to be from the Fraud Prevention Unit Legal Advisor for Kiwibank.
You have 1 new security message.
Click on the link below to solve the problem.
The link looks genuine but I don't have a Kiwibank account, so why would I get a security alert from them?
Hovering over the link shows that the destination is something to do with bricklaying ... you have to remember that a link can show any words it likes; it doesn't mean anything. In fact, hovering over the link can sometimes activate it ... so it is safer to just look at the source code instead.

This is a common type of scam. Kiwibank know about it. Basically, no bank will ask you to update your security details via a website. So, any message that does so is a scam. Easy.

I notice that there is yet another half-hearted attempt to raise awareness of scams in NZ. Sadly the emphasis is still on the "if it seems too good to be true it probably is" message. The trouble is that these scams are designed to look like they are part of normal life ... they generally don't seem too good to be true, just a bit surprising.

Instead, the campaign needs to emphasize critical thought ... this is harder to do in the short term but pays dividends in the long run. Are there any red flags? Does the message pass a basic bullshit test? We also should be teaching students how our electronic services actually work at a nuts-and-bolts level ... that way redirected links wouldn't fool anyone.

Real solutions are always hard - suck it up.

