
Thursday, June 08, 2006

Friendly Bank plc are very helpful to "phishers of men" (clue - it's a biblical pun)

So, I've been busy.......

Meanwhile, I get an email from my Friendly Bank plc about their internet banking security protection for ME.
They send me an official Friendly Bank plc email (unencrypted, naturally) telling me to be careful about giving away my account details to any Tom, Dick or Harry Phisher, who might ask me for my account details.

For my added security (gulp!!!), Friendly Bank plc informs me that all official emails (unencrypted, naturally) from them will always include my Title and Full Name, PLUS the last 4 digits of my account number. Sweet!

Do they not know:
- How many email internet gateways each email passes through to reach their end user?
- That each host system keeps a copy of all transmitted emails on their systems for xxx time?
- That determined hackers can easily intercept email files and read the plain text contents?

How hard can it be for a simple loop algorithm to test for two unknown digits from an account number that always starts with 00 - and ends in 4 disclosed digits!!!!!

Now I know, this of itself does not gain access to my account, BUT, it sure makes life easy for hackers - when they have a list of Full Names plus email address, plus significant digits of the matching bank account number. Peachy Sweet!

I am contemplating how to inform Friendly Bank plc of my appreciation for their tight security systems.


Comments:
Vote with your wallet, mate...
 
You may have to move your business, Luke. They show how far back in the tech mix they are. No one should have any piece of their account numbers in an email. No passwords, sign ins etc, should ever be requested in emails.
 
 
Mr.D. I know, but changing direct debits etc is a chore.
Still, if they don't address these security issues...

CK. You're right. Exactly what I told their IT Dept. I await to see how they address these issues, but am not holding my breath.
 