• United States



by Paul Kerstein

More Bank Security Woes

Nov 08, 20052 mins
CSO and CISOData and Information Security

Standard Bank last week reported that another phishing scam has hitSouth Africa, whereby its customers were sent an e-mail asking them tovalidate their e-mail addresses and account details by clicking on alink which led them to a spoofed site.

Earlier this year the major local banks, Nedbank, Absa, First NationalBank (FNB) and Standard Bank were hit by a major phishing scam, whichled to great concern, not only to IT security specialists, but to thegeneral public and business as well.

Says Roland Le Sueur, head of client devices at FNB: “The biggestthreat in security today is identity theft, and the level of thesethreats is increasing, from simple username thefts to posing as banksand getting detailed confidential information.”

Le Sueur advises: “Do not give away any personal details, ever. Alwaysgo to trusted sites, and, in cases of phishing attacks, where you areclicking on links to the bank’s homepage, make sure the URL is in factcorrect and look for the verification seal. Always check details, and,if you are suspicious or uncertain, call the bank for assistance.”

Louis Lehmann, IT security director at Standard Bank, says: “Securityis a partnership with customers, and customers are realizing this.” Henotes that during the recent scam, the bank had literally thousands ofcustomers phoning it to make it aware of the possible threat, comparedto the few hundred calls during the scams in May.

Lehmann says that no money was lost during the recent attack. He notesthat the window period of between 15 – 30 minutes from discovering thethreat to blocking the site was too short for attackers to achieveanything.

By Theo Boshoff – Computing South Africa