I agree. But frankly many Internet users (if not most) are already distrustful and at the same time we want to teach them to be cautious, asking them to pull a bank statement and compare telephone numbers when they have just been told their account has been hacked and they need to act fast, isn't realistic. Is it enough to say "never give out this information pursuant to an e-mail, or link sent to you online, or via phone for that matter?" While we can always argue the societal issues, I was hoping you techies could help me on hard tech tips :-) Parry Aftab -----Original Message----- From: Dean Anderson [mailto:dean@xxxxxxx] Sent: Sunday, December 21, 2003 4:45 PM To: Mark Smith Cc: shogunx; franck@xxxxxxxxx; ietf@xxxxxxxx; parry@xxxxxxxxx Subject: Re: [Fwd: [isdf] need help from the ietf list...can someone post this for me? or allow me to post directly?] Most scams involve things that the institutions themselves would never do, such as calling you on the telephone or sending as email to have you update your confidential finanical information. The email scams are fundamntally no different from telephone scams or door-to-door confidence scams, where the "bank" (imposter) calls you and asks you for confidential information. The real institution already has this information, and they don't need it again. The question of how to verify the Website is the wrong question to ask. Assume you can't verify it, and instead get the website address, phone number, etc from your genuine bank statement. If you get something unusual or confusing, print it out and take it to your financial institution. --Dean On Sun, 21 Dec 2003, Mark Smith wrote: > And don't trust emails asking for sensitive information. Verify their > requests independantly via the phone, for example, and just _don't_ use > a phone number that is supplied in the email.
