Tuesday, October 11, 2011

fishing for a phishing link

I got an email in my inbox which - to me - was an obvious phishing attempt which purported to be from my Cahoot credit card account. So being the civic-minded kind of chap I am, I logged on to my Cahoot account to tell them about it. Now, many sites [eg eBay, PayPal] have an obvious 'report suspicious emails' link where you can forward such emails so that the company is aware of them and so take action to prevent them. Sure enough, when logging on to Cahoot [it is a Santander brand] the following was next to the log-on box:
However, when you get into the site there is no 'report phishing' link or email address. Indeed, the only email address on the site is complaints@santander [anyone else see the irony there?] - so I forwarded my phishing email to that address, asking that it be passed on to the right folk. I then got an immediate automated reply, which is standard practice, but take a look at part of that message:


Hello
Thanks for your e-mail.
 This is a receipt to let you know we've received your message, and we'll reply as soon as we can. 
...
Please note - A NUMBER OF FRAUDULENT E-MAILS ALLEGING TO BE FROM SANTANDER ARE CURRENTLY IN CIRCULATION.

Santander will never send you an e-mail asking you to click on a link, or to enter, reconfirm or change your security or card details. We will never ask you to tell us your passwords by e-mail or over the phone.
...
You can also help Santander by forwarding any Phishing email you receive to: 
phishing@santander.co.uk

We can’t respond directly to any questions via this e-mail address, but all e-mails are processed, and urgent action is taken against Phishing sites identified.   

Is it stating the obvious to ask why that email address isn't on the main website? And how many people would have set out to forward the phishing email - but given up when such a contact email wasn't on the site? The cynic in me asks if Santander really want you to send them your phishing emails - or is it just poor website content management?

No comments:

Post a Comment