ING Direct <ingdirect.com> is the latest bank to move to greater personalization in order to distinguish its messages from phony phishing attempts. The bank has added the customer’s first name and masked all but the last three digits of the customer’s number (click on inset for a closer look).
The message at left was sent to customers to market ING’s latest deposit promotion: 4.75 percent APR for new money.
The same technique is also used for routine account alerts (see inset right).
Note: The high-impact sales pitch for its 4.75 percent deposit promotion.
Analysis
While it doesn’t prevent phishers from attempting to recreate the same look (see footnote), it’s an effective first line of defense. Besides, the personalized greeting is a friendler way to communicate with customers. Citibank has been using a similar approach for more than a year (NetBanker, May 30, 2005).
Footnote: Yesterday, we received a fake email that recreated the Citibank personalized area in the upper-right corner. The crooks just left blank the Email Security Zone in the upper-right corner, figuring many users won’t look that closely at the box (click on inset for a closer look).
—JB