
SANS ISC: Is your bank's online security policy making it more of a target for phishers?


This morning in the Handlers' secret room, we were having a discussion about financial institutions and their supposed security policies making them a lucrative target for spamming and phishing. Our discussion centered around how they attempt authentication and whether this authentication actually increases the likelihood that your account will be compromised.

One example:
A bank or financial institution implements a security policy that requires you to answer a question in addition to your user ID and password. This sounds great, right? A "two factor" method of identification. Well, maybe not... You see, if you can't answer the question correctly in addition to your correct user ID and password, your account gets locked out. OK, so now what? You call the bank and say, "Darn it all, my account got locked out..." What does the bank say? "OK, we will reset your password. What email address do you want the new password sent to? Oh, by the way, the new password email will not come from us. We have someone else send it." Hmmmm... "Oh, by the way, you may want to check your spam filter because the email may get stopped."

Seriously, what are they thinking?

What do you think? Does your bank or financial institution's method of authentication make you a more lucrative target?

Deborah

