Microsoft and the banks are helping phishers to steal customers money

Last weekends phishing attack from Russia targeted 4 million customers from HBOS, Natwest and Lloyds TSB and resulted in Natwest preventing any payments being made between accounts.

Comment / opinion from James Kay, CTO, BlackSpider Technologies

• Microsoft are compounding the phishing problem by designing an Internet browser that allows users to turn off certain functions of the web page. As a result Phishers are able to turn off the address bar and replace it with a fake legitimate looking address that fools customers
• If Microsoft redesigned Internet Explorer without these turn off functions it would be harder for phishers to create realistic looking websites
• Banks need to educate their customers not to click on links received in emails
• To do this they need to stop sending out emails themselves that ask customers to click through and log in revealing their passwords. For example, Egg send out monthly emails requesting customers to do just this to view their monthly statements
• Banks need to send out emails saying go to our website and view your statement without including any links if they want to educate their customers and not lose money through phishing scams.