A comparative study of anti-phishing preparedness of Hong Kong and Singapore banks

Phishing poses a huge threat to the e-commerce industry. Not only does it shatter the confidence of customers towards e-commerce, but also causes electronic service providers tremendous economic loss. In order to safeguard the interests of customers, both academia and industrial practitioners have proposed various anti-phishing measures and online security policies. In this paper, we investigate the banking industry, which is one of the frequent targets of phishing, of two prominent international financial hubs - Hong Kong and Singapore. Our goal is to assess how well banks are prepared against phishing by analyzing security information available on their official Web sites. The result shows that among the four types of phishing attacks, banks in both places are well prepared to handle bogus Web sites but are inadequately prepared to handle phishing emails. In terms of method of presentation of security information, banks in both regions generally preferred FAQs and demonstrations. Despite some similarities, it is found that some regional factors like government advocacy played a significant role in adoption of the security measures. Through this research, we hope to give insights to both industry practitioners and academic researchers about preparedness of banks against phishing.