Tue Jun 5, 2007 10:55PM EDT
Hey, don't feel bad if you're a BofA customer. Most of the free world seems to be. And that's what makes bofa.com such a rich target for hackers: Lots of customers means lots of people visiting and lots of money up for the taking. A BofA phishing spam will probably net a lot more clicks than, say, a WaMu spam.
To its credit, BofA goes to exceptional lengths to attempt to protect you from phishing scams. It's one of the most convoluted login processes I've ever seen; I'll freely admit it confused me at first, too. First you have to select your state (easy!), then provide your user ID. Then you are given a SiteKey image and a name you specify. The SiteKey is something you set up once with BofA. It's a picture of something like a duck or a dog, and you tag it with a description. Then, every time you log in to BofA in the future, you are supposed to see that picture of the duck or the dog. If you don't see the picture, you're on a phony site. Make sense? If you understand the process, it's a great way to ensure that you're using a legitimate website, as a phisher won't put the proper SiteKey on the page, and you'll thus know it's a fake. Only after all of this do you input a password.
The problem with SiteKey, though, is that it is only effective after you've used the site a number of times. It doesn't make much of an imprint on you until you see it over and over again.
That's been aptly proven today by Kiplinger's, which concludes at the end of a lengthy piece on next-gen security techniques that they may all be for naught. Namely: 58 of 60 BofA customers fell for a scam website that did not show their proper SiteKey. My hunch is that SiteKey is just too complex for someone who doesn't visit his bank website more than a couple of times a week. Or possibly that people just don't understand the concept at all.
Meanwhile, anyone got any security ideas that might actually work?
LINK: Passwords + Pictures = Security?
via Consumerist
Join in the discussion. Here you'll see the comments in the order they were posted.
Here's a great idea. Let's start actually punishing criminals and keeping them in jail. That would stop a lot of crime.
People will learn eventually.
BOA website is simple. "If you recognize your SiteKey image, you'll know for sure that you are at the valid Bank of America site. Confirming your SiteKey image is also how you'll know that it's safe to enter your Passcode." I have a hard time believing 97% of BOA online banking customers are that gullible to go to the wrong site. Where did you find this statistic???
The site-key concept works. It is not rocket science. If a client gets phished, shame on the client.
1 Posted by forestlady11 on Thu Sep 3, 2009 4:01PM EDT
yea...go to the bank in person.