Click here to open your secure message inside a browser.
That’s text taken directly from a email that’s sent out regularly by a major US bank to business customers. Can you see what’s wrong with it? Crazy right? Banks should take some of the blame when it comes to the phishing epidemic we face. Here’s another example of a poor security and privacy practice by the banking world:
Hello Mr. Walsh, this is Sara from Bank of America. Before I continue with the call, I need to confirm some details with you. What is your date of birth and what are the last four digits of your social security?
What the actual fuck?!
Ok I’d never swear at them. But I do say:
You called me. So why on earth would I give over such sensitive information to a complete stranger who just randomly called me?! Are you insane?!
How is this a good security practice? How are non-technical, non-security aware people supposed to know when they are being scammed or not, when their trusted bank follows this outrageous practice. And it’s not just Bank of America. It’s all banks.
Within the crypto world, we need to do better. By crypto world, I’m referring to the main stake holders within the ecosystem who are most likely to attract cybercriminals — wallets, exchanges, Token owners and ICOs.
How we can do better than banks
My Google alerts alerted me to a post about a “new coinbase phishing email” this morning. There’s nothing new about this type of email. Phishing is an old, well known problem. But it inspired me to write this post and come up with a proposed solution to help reduce the risk of people losing their hard earn money through email phishing scams. None of the email security companies are able to stay on top of new crypto phishing sites, so don’t rely on them alone for protection.
I would like to call upon the crypto stakeholders to stop sending emails with hyperlinked text. By that I mean, look at the way I hyperlinked the text — you can’t see the URL. When you open the link where will it go? I’ll tell you, it goes to a wikipedia page that explains what hyperlinked text is. But you can’t know that until you open it.
Please do this Crypto teams
When writing emails, please provide the full link like this: livebitcoinnews.com/new-coinbase-phishing-email-rather-elaborate — instead of hyperlinking text to that URL. And instead of using https:// or www as that will automatically hyperlink the text when you send the email.
I realize it doesn’t look as good. And it makes it more time consuming for readers to copy ‘n paste the link into their browser. It also means you can’t add link tracking to your emails. But I do believe this is a small price to pay. If you follow my proposed practice, crypto enthusiasts will most certainly trust you more and therefore more likely to invest more time and money in your brand. And they will respect the fact that you are doing your best to protect them from potential harm. It will also significantly reduce the risk of your community falling for a phishing scam as they will be less likely to open links from people who pretend to be you. And this means fewer people will get their fingers burnt — persuading their friends and family not to invest in crypto.
Unless you’re using a browser add-on like Cryptonite, or your Slack community is protected by the MetaCert security app, you can’t trust any hyperlink that purports to link to a crypto website. NEVER! Even with these products you need to remain vigilant at all times when opening links.
If just one company follows this advice I’ll be happy — as it will possibly save at least one person from losing their life savings. Writing this post is therefore a small price for me to pay in time and energy. ❤️
☞ **Please tap or click “**👏” on the left side of the screen to let Paul and others know that you appreciated this post. We would like to see Crypto communities and other stakeholders promote this email best practice in order to help protect more people from phishing scams. Please share this post with your friends and colleagues on Twitter and inside your communities.
❤️ The number of claps indicates how much you liked the post and support its content, so put those hands together as many times as you like. 🔒