A few weeks ago I did a podcast about a proposal for an “Internet Driver’s License”. All of my podcasts are at http://www.eset.com/podcasts/ and are available as MP3’s as well.
I didn’t think the idea of the internet driver’s license would play out well, but I do think that perhaps an “Online Banking License” might be in order. Traditional methods of education are not working as well as they need to be because so many people don’t even know they need the education or that it is available.
So, what if the banks cut everyone one off of online banking until they could demonstrate the ability to spot most common phishing attacks? That’s right, tell the customer’s that they will not be able to use their online banking features, including credit card purchases until they can demonstrate that they have completed a little bit of education about phishing. I think it may be worth a try. Perhaps another approach might be for banks to phish their own customers. Set up web sites and spam out messages that are essentially phishing attacks, except that the data stays with the bank and is used to identify the gullible in order to target education at those who need it most.
I can blog and podcast until the cows come home (film at 11), but if those who need to see it are not reading the blog it isn’t going to help them. Obviously other tactics are needed.
What do you think? Feel free to comment here or email me at AskEset at Eset dot com.
Director of Technical Education
Author ESET Research, We Live Security