Flutterby™! : Phishing trips 2009-10-21 17:47:49.00331+00

Phishing trips

2009-10-21 17:47:49.00331+00 by Dan Lyke 5 comments

Every time I have to do something with a web site that uses a third party domain name for some of its dealings, like every bank I've ever done business with, or AT&T, or... well... pretty much every big company (usually the smaller companies get this right) I scream because they're just adding to the confusion that makes it easier to do phishing.

Case: I'm getting a lot of spam suggesting that I log in a sub-domain of capitalonebank.com to verify and set up my account. Actual domain is capitalone.com. When my credit union's online banking is "rcuconnect.com" and AT&T reroutes me off to who knows what when I go through password recovery, knowing that the extra "bank" in that domain name is wrong is something I don't expect from the average consumer.

I got a random voicemail today discussing nebulous "fraud alert" issues, from some outfit called "Card Services". Who the hell is that? I ignored it as obvious phish-bait, exactly the kind of generic any-corp phrasing a scammer would use.

Turned out it actually was from Bank of America, and had to do with some algorithm's decision to deny a transaction I'd made earlier in the day; but I only found out the connection after ten minutes of increasingly frustrated button-bashing through the BofA phone tree got me dumped off to the Visa department, which turns out to be called... "Card Services".

Yeah, it's exactly crap like that that makes the credit card companies more than culpable in phishing fraud. Pick a freakin' name (and a domain name), make sure it's not generic, that our cards and documents are well branded with that name, and stick with it.

Y'know... If they do things you don't like, you're free to take your business elsewhere. That's the excellent thing about capitalism.

Chase Manhattan did some particularly icky things to me back when I was a broke college student (among others, flagging my account as delinquent because they lost a payment I made to them for interest on the interest and never clearing that black mark in spite of me proving to them that they had cashed the check). I've dropped three credit cards over the years, simply because Chase bought out the smaller company which used to get my business. Each time, I've explained to them as I was closing the account, exactly why I would not do business with them.

Does it have any effect on them? Probably not, but I decided at the time that I would never do business with Chase again, and if they were the only bank in the country, I'd either work in cash, gold or barter or find another country to bank in.

Plus, I get to smile when I stumble across any of their "I'm free to do what I want" commercials, as I say to myself, "Yes. Yes, I am."

Dave, all of them do stupid things, so it's not like there's competition in the smartness axis. And it's not so much an inconvenience for me as it is for them, at least I hope: They're the ones presumably losing from fraud as a result of phsishing.

And, yeah, I don't do business with Discover or AmEx for reasons similar to your Chase issues.

There are a few that seem to be less stupid. I try and reward those with my business, rather than the obviously stupid ones who are going to pass those costs on to me somehow.