The latest round of fake emails to bank customers is just more evidence of how well online banking security works, says Westpac New Zealand spokesman Paul Gregory.
Gregory was responding to comments in an Australian newspaper by Bill Caelli, head of Queensland University of Technology’s school of software engineering and data communications, who claims the internet is “manifestly not suitable” for online banking. In The Sunday Mail Caelli says: “Do not use it, it’s no longer safe.”
However, Westpac, the target last week of another international “phishing” expedition, believes the situation is quite the reverse.
“Our experience is scams like this happen because the banking system is so secure they can’t get in any other way. They have to send out thousands of emails to customers and non-customers alike in the hopes of getting access to any account information.”
The emails, which have circulated periodically over many months, have risen in sophistication this time, reportedly pointing to the real Westpac site but using a password box controlled by the scammers.
Gregory says of those few people who have been caught out by such emails, nobody has lost any money.
“It’s reaching the point where it doesn’t matter how sophisticated these emails get. The customers are well versed in how we do business with them and they know these are fake. We get fewer customers contacting us to say they’ve been duped each time.”
David Tripe, Massey University’s (NZ) director of the centre for banking studies, says the latest phishing expedition is a “timely reminder” to customers.
“It’s like safe sex, really. If you’re strictly monogamous and don’t wander off, then your risks are more manageable.” Tripe says customers need to be aware of the issues surrounding online banking and take all reasonable precautions.
“It’s better if you use only one PC to access your bank account and avoid places like cyber cafes if you can at all help it. They just aren’t as safe as your own computer at home.”
Tripe also says customers ensure they have the latest antivirus and firewall security installed and that they’re careful about responding to emails asking for personal information.
Tripe says while additional security measures are usually welcome, he’s hard pressed to come up with anything the banks could be doing differently.
“They operate at a reasonable level for the transactions that are being conducted. It’s difficult to pinpoint just what they could introduce to improve measures further.”
Tripe says the banks have a good record of fixing issues promptly when they do arise.