Europol arrests nine suspected of stealing 'several million' euros via phishing

Europol cops have arrested nine suspected members of a cybercrime ring involved in phishing, internet scams, and money laundering. The alleged crooks are believed to have stolen "several million euros" from at least "dozens of Belgian victims," according to that nation's police, which, along with the Dutch, supported the cross …

  1. Doctor Syntax Silver badge

    "These messages included a phishing link that led to fake banking websites, which were used to harvest credentials."

    Let's not forget the banks' culpability in this. They train their customers to be phished by sending emails, mostly marketing emails, with links in them. Two things should be made compulsory for banks:

    1. No email sent to a customer should contain a link except for a few well-defined circumstances such as a password reset and certainly not without some previous interaction that ensures the customer is expecting it.*

    2. Hammer home to the customers that any email purporting to be from the bank is fake, should be reported and the link should on no account be followed.

    It probably wouldn't even be necessary for legislation to compel this. A regulatory requirement might be sufficient although legislation to make it a criminal offence to sign off sending such emails would be a good way to ensure the first requirement was obeyed.

    * Ideally this should be eliminated by doing it off-net in a branch. Yes, real bank branches.

    1. lglethal Silver badge

      A friend of mine worked in IT in a bank in Aus (many years ago). The Management decided to bring in a rule, no links to customer logins in the Emails. The management even decided to send out an email to all customers saying "We will never include links to our login pages in our emails to you." But what did the Manager charged with writing the Email do? (Or more likely the Manager's secretary, as the Manager was naturally too important to write such an Email himself.) They included a link to access the customer login page at the bottom.

      Cue much face palming in the IT department. My mate never did say what happened to the idiot who wrote (or at least authorised) the Email. I'd like to believe they got a kick out the door, but since it was management and not a lowly peon, likely nothing happened...

      1. Doctor Syntax Silver badge

        Your mate's bank wasn't unique in this. I've had a similar missive, not pointing to a login but to a page for further information.

  2. sitta_europea Silver badge

    "... Companies and individuals spent at least $43.3 billion between June 2016 and December 2022..."

    Er...

  3. Joe Drunk

    Average punter too naive

    I get those emails all the time purporting to be from my bank, Paypal, etc. I never click on any link provided because I already have them bookmarked. I log in to the same links I've always used, yup, all is well. Nice try fraudsters, you need to up your game if you want my logins, but you won't. It's easier and more profitable to go after the low-hanging fruit.

    1. ShadowSystems

      Re: Average punter too naive

      I'll second your basic premise & add that my screen reader makes such emails obscenely easy to determine are not from whom they claim. When "My B4nk" or "P4ypa1" sends me something, I hear that those bits include numbers instead of letters, so I immediately know they're shite. When the From: box includes domains like "Citibank.Google.RU" or some other weirdness, I hear that fact as my 'reader reads aloud the email headers. But my favorite is when I get stuff from senders that include emoji &/or those BoldCapitalItalicized fonts that my bank never uses & no legit business would touch for the same reason they wouldn't send email written in Comic Sans or Wingdings.

      A subject line full of underlines, emoji, idiotic fonts that make the line an utter hell to listen to? It may LOOK pretty, but it SOUNDS like the marketing department has taken to eating their crayons & posting while tripping. =-/

    2. MiguelC Silver badge

      Re: "emails all the time purporting to be from my bank, Paypal (...)"

      No need to be purporting to be PayPal, those arseholes really include a link in their emails, disguised as a button for the recipient to click, to sign into their account
