Maybank2U team has never learn the lesson. Apparently, the case reported today is nothing new but a classic ‘phishing’ case which Maybank2U are well aware of it. Clearly enough, the poor victim was not able to tell if a website is real or fake. His login information was intercepted and someone just transferred RM4,935 from his bank account illegally.
I have recently attended their private launch of the new Maybank2U 2.0 website. If only Maybank2U knows not all users are techy, and their new website doesn’t seem to address to this problem at all!
A common problem for many System Interface Designers is, they believe everyone knows hitting Ctrl+V is Paste, and no one will choose the Paste function from File menu.
The old Maybank website
Look at the amount of information, links and pictures in this page. Yes, this is catchy in a bad way- distracting users’ attention on important notice and security alert. Choice is not good, in this case.
This might easily help everyone (Including Mr. Ctrl+V and Mr. File) to fight phishing. This cost less to develop, no consultancy fee to pay (I’m happy to share), and most importantly, to convince more people to use Maybank2U!
We should take note that if the “victim” is reading the message, hes already in the right website. The phisher will not be so cooperative to put the same message for the “victim” to check, maybe he would insert his own URL. There might NOT even be a way to save people who randomly give away passwords and click on email links. I’m just curious how the phisher managed to get both his login and his TAC?! that sounds coordinated and not random phishing. I would question the INTERNAL security measures that Maybank is currently implementing.
Anyway man, the past few days u really taught me alot leh! web pages should not be designed at random, nor should they be designed purely to look good. We must understand the purpose, goals, problems and the solutions WELL before we even get started.
I might disagree a little on the cruise ship website issue. I dont think we can entirely blame a team who have never been exposed to what the web can really offer to come up with a better solution than just an extension of the physical business. I remmeber you said during our meeting that day, if they really took web presence seriously, they should form a NEW team, dedicated to that purpose, with measureable KPIs to work towards. that would produce the kind of web presence worth spending money on and in the case of the cruise ship business, even produce sales transactions.