Saturday, August 27, 2005

How banks should correspond with their customers

Preserving the Internet Channel Against Phishers

The four steps:

* No HTML email. HTML email opens all sorts of possibilities for hiding things. Train your users to expect short and simple messages.

* No links in email. Always refer to the bookmark you encourage users to create from their paper statements.

* All your websites must belong to you, and show up under your domain. Do not acclimatize users to treat other URLs as yours. If you get your users used to sites with names like "cb.pharmphr33.supersecure.com," then you shouldn't be surprised that they don't get worried when they are phished there.

* Fire people who violate these rules. Give a substantial finder's fee to the first person who reports the violation. Give the money to both employees/whistleblowers and customers.
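As an added illustration (not part of the original post), here is a small Python check that a bank could run on outbound customer mail to flag messages breaking the first three rules. The bank domain and the two sample messages are constructed for the example.

```python
import re
from email import message_from_string

BANK_DOMAIN = "examplebank.example"  # assumed bank domain; replace with the real one
# Matches http(s) URLs and bare www. hosts; group 1 is the host part (stops at '/').
URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)([^\s/<>\"']+)")

def host_is_ours(host):
    """True if host is BANK_DOMAIN or a subdomain of it (port and trailing dot ignored)."""
    host = host.lower().split(":")[0].rstrip(".")
    return host == BANK_DOMAIN or host.endswith("." + BANK_DOMAIN)

def check_message(raw):
    """Return the rules a message violates, sorted; an empty list means it passes."""
    msg = message_from_string(raw)
    violations, bodies = set(), []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue  # containers carry no payload of their own
        if part.get_content_type() == "text/html":
            violations.add("html-email")  # rule 1: no HTML mail
        payload = part.get_payload(decode=True) or b""
        bodies.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = [m.group(1) for body in bodies for m in URL_RE.finditer(body)]
    if hosts:
        violations.add("links-in-email")  # rule 2: no links at all
        if not host_is_ours_all(hosts):
            violations.add("foreign-domain")  # rule 3: only your own domain
    return sorted(violations)

def host_is_ours_all(hosts):
    """True only if every linked host belongs to the bank."""
    return all(host_is_ours(h) for h in hosts)

# Constructed sample messages (not real bank mail); headers trimmed to what matters.
GOOD = """Content-Type: text/plain

Your statement is ready. Use the bookmark from your paper statement.
"""
BAD = """Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Verify at https://cb.pharmphr33.supersecure.com/login
--b1
Content-Type: text/html

<p><a href="https://cb.pharmphr33.supersecure.com/login">verify</a></p>
--b1--
"""
```

Running `check_message` on the two samples returns `[]` for GOOD and all three rule names for BAD.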


From Adam Shostack, who is learning how to talk to marketers.

4 comments:

Adam said...

What? You don't think calling people stupid is an effective way to get their attention? :)

Alice said...

That's OK, people pay me to explain things like that. If it were really so obvious, I would not have a job.