On 9 Dec 2005, at 9:27 AM, Kerry Thompson wrote:
"This afternoon it became apparent about five customers may have followed the instructions from the scam and compromised their bank account details
"Kiwibank is working directly with those known to have been affected and this afternoon shut down its Internet bank transaction site as a precaution.
and you've really got to wonder why. The phishers could surely save the passwords and use them when the site comes up,
Why? Bank discovers some customers have handed out their details to the phishers. Bank says "Hrm, some customers have given out their login details. We're not quite sure which customers, but we're know some have. How about we turn off the site so that aforementioned customers don't lose money, even if it inconveniences many customers in the short term, it could prevent us from being ripped off." So, now no one can login, bank finds out who's handed out their details, probably by sheepish customers calling and saying "My bad". Aforementioned customers' login details get changed. Bank turns site back on. Later, the phishers say "Ooh look, phished details! Ima be rich!" They try to login. Oh dear, the details have been changed. No more money for the phishers. _That_, is why. OK, so maybe if the bank knew immediately WHO had been affected, they could just turn off individual accounts, but I'd hazard a guess that this wasn't the case. Is it too early for a beer? Cheers Michael