Jeremy Kirk, a journalist with IDG, has published an interesting story today about how customers of a collapsed bank may be at risk of phishing scams.
When Iceland’s banking system collapsed in October it made international headlines. Here in Britain, many individuals and organisations were affected as they found that withdrawals from their internet bank Icesave had been suspended.
The UK’s Financial Services Compensation Scheme (FSCS) is now co-ordinating refunds for British customers, and has said that it will be sending two emails to Icesave investors. The first will tell them how they can claim their money back, and the second email – which is to follow within a month – will ask users to log onto a website to complete the electronic transfer to a British bank or building society.
The risk is, of course, that phishers might take advantage of the opportunity and spam out emails posing as Icesave, asking people to log in to their accounts. Would investors concerned about the safety of their money rush to click on a link without necessarily checking that they were going to the real Icesave website at www.icesave.co.uk?
My feeling is that the risks would have been reduced if, instead of an email, a postal letter had been sent to Icesave investors, telling them of the plan. After all, it is much, much more expensive and time-consuming (and I suspect impractical) for cybercriminals to send out a fake letter than to knock out a quick email to millions of people in the hope of hitting a few Icesave customers.