Criminals who send out phishing e-mails often rely on official images served up by the web servers of the banks themselves. Since it costs money to provide internet bandwidth, the banks are actually paying to provide these images to criminals.
This page provides a test of Canada's chartered banks' webservers. If you can see the bank's logo, that means that the bank is either too lazy or too stupid to prevent the theft of its graphic resources (a skill that most porn website operators seem to have mastered). If you can't see the image, it means one of two things: either the bank has changed the URL (web address) of its logo (unlikely), or else they have fixed the problem.
If you have to leave your money in a bank, should you choose one that allows theft (and aids criminals), or one that doesn't?
| Bank Name | A visible logo is a *bad thing*; a missing logo is a *good thing* | Pass/fail as of March 18, 2008, 11:30 MST |
|---|---|---|
| Laurentian Bank of Canada | (images are served as Shockwave Flash applets) | pass |
| Royal Bank of Canada | ![]() | fail |
| Scotiabank | ![]() | fail |
| Toronto-Dominion Bank | ![]() | fail |
| Bank of Montreal | ![]() | fail |
| Canadian Imperial Bank of Commerce | ![]() | fail |
| Alberta Treasury Branch | ![]() | fail |
| Caisse Desjardins image from on-line banking | ![]() | fail |
| National Bank of Canada image from on-line banking | ![]() | fail |
| ING Bank of Canada | ![]() | fail |
It appears that operators of most small-time porn websites are smarter than the IT departments of most large Canadian banks. It appears that these operators have learned how to prevent the unpaid use of their images (which of course constitutes their only revenue stream).
Say you operate a site called hotchicks.com, and you've paid out some money for some local models to pose for you. You sure don't want your images to be stolen by an unscrupulous competitor and offered up as original content on, say, hotblondchicks.com. Worse, you don't want that other website to make money off your pictures and have your web server provide the pictures, with you paying the bandwidth costs! And yet, Canada's chartered banks seem to be perfectly okay with paying for criminals to use their images without their consent.
Now for some examples - I just picked one at random. The operators of one website, teendreams.com, have taken steps to prevent their images from being served up on another webserver as original content. If you try to view their images through an intermediate image-aggregating service like StripDir, all you will see is "Image not found". Go ahead, visit this StripDir page (don't worry, it's not NSFW; though I don't know what content is on the original website, I assume that it is NSFW). Why don't the images from sensuallib.com appear? Because their web developer is smart enough to stick a .htaccess file in each directory containing pictures (or maybe just at the top-level directory). That file prevents any of the content in that directory from being served by the webserver unless the content is being requested from a webpage residing on that same webserver.
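The kind of .htaccess file described above, as an added example that is not taken from any of the sites mentioned: it assumes an Apache server with mod_rewrite enabled, and it decides whether a request comes "from a webpage on the same webserver" by looking at the HTTP Referer header the browser sends. The hostname bank.example, the image path and the list of file extensions are placeholders.

```apache
# .htaccess placed in the image directory (or at the top-level directory).
# Assumes mod_rewrite is loaded and the server config grants
# "AllowOverride FileInfo" (or All) for this directory.
RewriteEngine On

# Condition 1: the request carries a Referer header at all.
# Requests with no Referer are let through by this rule set; remove this
# line to refuse them too (stricter, but it also blocks visitors whose
# browser or proxy strips the header).
RewriteCond %{HTTP_REFERER} !^$

# Condition 2: the Referer is NOT one of our own pages.
# bank.example is a placeholder for the site's real hostname.
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?bank\.example(/|$) [NC]

# Both conditions true: the image was embedded by a page on another site.
# Answer 403 Forbidden instead of sending the file.
RewriteRule \.(gif|jpe?g|png)$ - [F,NC]

# Checking the result from a shell (placeholder URLs):
#   curl -s -o /dev/null -w '%{http_code}\n' \
#        -e 'http://other.example/page.html' \
#        http://www.bank.example/images/logo.gif     # expect 403
#   curl -s -o /dev/null -w '%{http_code}\n' \
#        -e 'http://www.bank.example/index.html' \
#        http://www.bank.example/images/logo.gif     # expect 200
```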
Applying this knowledge to phishing scams, we see that simply placing a .htaccess file (with appropriate directives in it) on their webservers will instantly end the collusion of Canada's chartered banks with phishing criminals. How can it be that the banks continue to be too lazy or stupid to take this simple measure? Maybe it's because bank fraud doesn't really impact their bottom line. Instead, they just pass on their losses to you, the consumer, through the vehicle of inflated banking charges. Angry yet?