Assessing anti-phishing preparedness: A study of online banks in Hong Kong

Phishing has enormous impacts on the financial industry. This research aims to investigate anti-phishing preparedness of banks in Hong Kong. Web sites of registered Hong Kong banks are analyzed. Information related to phishing and anti-phishing measures adopted by banks are gathered and scores are assigned to banks according to a model measuring accessibility, usability, and information content. A combined score is computed for each bank by measuring the average performance of the bank Web site in all three aspects. The analysis revealed that banks in Hong Kong were generally prepared for countering phishing attacks, and separated out into three clusters that differed in terms of accessibility. The research identified that phishing information was easier to access and was richer in content and coverage compared to information related to anti-phishing measures. Although banks attached importance to information related to anti-phishing measures they needed to improve the accessibility of such information on their Web sites and needed to provide anti-phishing measures related information corresponding to all possible types of phishing attacks including malware and phishing e-mail.