wachovia begone
Dec. 2nd, 2009 11:24 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
calimacEvery once in a while, someone from my bank reminds me that I could do my banking on the web. I decline with thanks and say, "It's not secure." They assure me that their computer system is secure. I'm sure it is, which is why I use their ATMs. (And I love the new check deposit scanning system, which can read even handwritten numbers accurately.) But in order to access it from other computers, I'd have to use the Internet, and that is not secure. If it's not sniffers, it's keyloggers. (When I check my e-mail on a public computer, I open up a Word document, use the "Insert Symbol" command to click in random characters from my username and password without typing them, cut-and-paste the result into the username and password boxes, then add the rest. I have no idea whether this precaution is either necessary or sufficient.)
Another reason for not banking on the Internet is that way I know that any e-mails purporting to be from my, or any other, bank are spam, and I can delete them without bothering to look at them. If I got genuine e-mails from a bank, I'd have to sort through them, which would be a bother. When an unbreakable method of preventing spoofed e-mail has been invented, I'll accept e-mail from a bank. Not before.
This came to mind reading a follow-up article about the slow merger of Wells Fargo and Wachovia. The first bank spam e-mails I ever received was a huge barrage all claiming to be from Wachovia. Now, Wachovia was a very old bank, down in North Carolina or somewhere, but at the time it was a very new behemoth, and had not yet expanded to the west coast. I had never heard of it, and thought that the spammers had made up the bank name along with their pitch.
Boy was I surprised when I visited the New York area a few months later and discovered there really was a bank by that name. But to this day when I see it I think ... SPAM. That's not a branding experience a company really wants.
I'll go no further than using credit cards, where I have some control over the bill before I have to pay it. I bought something over the web and found duplicate charges on my statement. I phoned up the company, they looked at my record and said, "Oops." That was easy.
Such matters are also to mind when facing a proposal by an enthusiast at the temple library to install a battery of free-access web computers. At a library that's not regularly staffed, and is filled with ingenious and untrustworthy children? That does not strike me as a good idea.
Another reason for not banking on the Internet is that way I know that any e-mails purporting to be from my, or any other, bank are spam, and I can delete them without bothering to look at them. If I got genuine e-mails from a bank, I'd have to sort through them, which would be a bother. When an unbreakable method of preventing spoofed e-mail has been invented, I'll accept e-mail from a bank. Not before.
This came to mind reading a follow-up article about the slow merger of Wells Fargo and Wachovia. The first bank spam e-mails I ever received was a huge barrage all claiming to be from Wachovia. Now, Wachovia was a very old bank, down in North Carolina or somewhere, but at the time it was a very new behemoth, and had not yet expanded to the west coast. I had never heard of it, and thought that the spammers had made up the bank name along with their pitch.
Boy was I surprised when I visited the New York area a few months later and discovered there really was a bank by that name. But to this day when I see it I think ... SPAM. That's not a branding experience a company really wants.
I'll go no further than using credit cards, where I have some control over the bill before I have to pay it. I bought something over the web and found duplicate charges on my statement. I phoned up the company, they looked at my record and said, "Oops." That was easy.
Such matters are also to mind when facing a proposal by an enthusiast at the temple library to install a battery of free-access web computers. At a library that's not regularly staffed, and is filled with ingenious and untrustworthy children? That does not strike me as a good idea.
no subject
Date: 2009-12-02 08:14 pm (UTC)If you only bank from your home computer via secure HTTP and your system is well-protected against malware (viruses, trojans, worms), that operation is relatively safe. I never click on a link in e-mail that purports to lead to my bank. Gmail’s spam filter is good at distinguishing between real messages (which say boring things like “you have a new statement for this account” and “draft deducted from your account”) and spam (which is usually telling me to reset the password by clicking on a link), but at most an email will prompt me to log in directly to my account. It can also be quite handy to use online banking features that let you create custom virtual credit cards to use in individual transactions: that way, if your purchasing information is compromised, it becomes quite clear what happened, and the damage it can do is extremely limited.
Copy-pasting as you describe will work against a hardware keylogger that is looking only at the keyboard itself, but won’t protect you completely with a computer whose software is compromised. However, it will make reconstructing your login data that much more difficult, so you will probably fall into the “not worth the bother” category for the criminal who is just trying to accumulate dozens of targets to attack.
no subject
Date: 2009-12-02 09:17 pm (UTC)Relatively safe. Uh-huh. If we had some ham we could have some ham and eggs if we had some eggs. The guy I go to for computer problems says viruses are endemic.
Gmail’s spam filter is good at distinguishing between real messages and spam
I get lots of spam through the filter on my Gmail account, even though I hardly ever use my Gmail account. I don't want to rely on that. Nothing can possibly go wrong *click* go wrong *click* go wrong ...
at most an email will prompt me to log in directly to my account.
I still have to read the e-mail to see if it's legitimate or not, and if it is legitimate it'll be written in Bankerese, which is hard to decipher and consequently that much harder to distinguish from spam. I don't want to have to devote the mental elbow grease to this.
On a couple of occasions I've contacted companies to let them know someone was sending out alarmingly legitimate-looking spam in their names, only to find out that it really was legitimate!