Phishing education for banking customers useless

07.02.2007
User education for online banking customers on how to avoid phishing scams has been likened to nailing jelly to a wall as this form of commonsense defense has failed to work time and time again.

The failure of customers to secure their own monies for an Internet transaction, either by not using correct or up-to-date software, could potentially lead banks to pass off the responsibility of financial losses back to the customer.

Paul Henry, senior vice president of Secure Computing, said lots of financial organizations have done a great deal of customer education in response to phishing attacks.

But it has done very little, Henry said, because commonsense isn't applicable when dealing with phishers.

"Even if you manually enter a URL security is obsolete as phishers have created Trojan code that modifies the host file on Windows to automatically redirect," he said.

"Phishers can also attack a router and redirect information to a different server - user commonsense is no longer valid.