I've just received an HTML email from MBNA with clickable links etc to login to my credit card site and as proof of genuineness they have included my postcode.
Am I right in feeling uncomfortable if banks start taking this approach?
"AnthonyL" wrote
Only if you do actually click on the links in the email. Continue to type the correct URL yourself, or use your own bookmark, and there's no reason to be uncomfortable about this particular approach...
the reason to be uncomfortable is not for someone who is unaware of phishing, but the many who arent,and the fact that if banks do it, then well a well designed phish arrives, your average punter is more likely to click on it.
Bitstring , from the wonderful person AnthonyL said
? Pardon?? I mean how hard is it to find someone's post code?? I have an 'infodisc UK' CD with about 40million of them on.
In message , Tim wrote
Except it the method favoured by the criminal organisations that send out millions of these types email every day.
If a bank is genuinely doing the same then it would be time to consider changing banks as they obviously don't care about their customer's account security.
"AnthonyL" wrote
"Alan" snipped most of the message and said:
"Alan" then went on to write
MBNA are by no means alone in this. Morgan Stanley do the same. As do Egg. Cahoot have done the same.
Even FirstDirect (the golden boys of the banking industry) have sent emails including a link to their 'internet banking'!
And when LloydsTSB did it, the link was to the 'unusual' domain emb0.co.uk (which then re-directs to lloydstsb.com)!
And, no doubt, there are countless others which I haven't mentioned.
Why aren't people complaining about the entire banking *industry*, rather than just one particular company??!!! If you feel really strongly about this, perhaps you should target your criticisms at ALL the banks doing it, not just MBNA?
Glad you made this point - I now realize that I have clicked through on the egg statement e-mail - and I like to think that I am savie enough to never get caught by phishing etc.
Mark BR
probably because; the original post was re one particular example, and the posters here werent aware of thsose other examples you quoted?
There is also the fact that many companies did this a fe wyears back but to be doing it now, rather than 3 or 4 years ago, is particularily reprehensible. How recent are thso other examples? If they are very recent, sure they deserve condemnation.
My concern wasn't only the clickable links - it was the attempt to convince me that this was not phishing by including my Post code in the email as proof of genuineness as well. This is a new approach to me even though I have several credit cards and bank accounts.
Anyone who found a credit card receipt in your rubbish or recycling box would know your postcode and (if it wasn't partly masked) your account number. They might even be able to find out your email address, with a little extra spelunking.
I'm not saying the mail's not genuine, but fercrissakes treat it as fake anyway, and complain vigorously.
You've got a clue; you had the good sense to question it. The other 99% of the population, plus idiot banks that send out mails like that, are the reason why phishing exists.
Jon
"Tumbleweed" wrote
Then condemn them - they are all (but one) very recent!
BeanSmart website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.