But last weekend their clients and colleagues got a little surprise. First Direct’s Twitter account was duped, sending direct messages – the Twitter equivalent to short emails – to contacts. What’s more? These weren’t just any direct messages – they were pornographic. I don’t think that boosted their image of professionalism. The direct messages sent out tantalizing links, and upon clicking, users were asked to login to Twitter. Of course, it was a phishing attack where the users were actually divulging their password to hackers.

The next day First Direct sent out a series of tweets that did little to allay fears – they mentioned twice that they’d been hacked, then tried to reassure clients that only the Twitter account had been hacked – not the bank – and that no user passwords were involved.

The Register reader Paul Eagles comments in Twitter style of 140 characters or less: “Let’s hope they are more secure with their banking systems than their twitter account,” he writes. Here’s the deal. This attack phished bank users and convinced them to give away their passwords for Twitter. The problem is that a large number of users have the same passwords for all their accounts, giving hackers potential access to more than just Twitter accounts.

So, a note to all users on all platforms. If a link sent to you looks suspect, it probably is. Clicking on it is unwise, and entering any information about yourself is plain foolishness. Your bank won’t send you porn. I promise.

We read stories about phishing and data breaches and we get worried. Some of us start thinking that maybe we’re better off (security-wise) with paper-based banking. Sending checks, receiving statements in the mail, paying bills the old fashioned way – manually with a checkbook and a stamp. But as Jean Chatzky said this morning on NBC’s Today Show, online banking is actually safer than paper-based for a few reasons.

1. People who use online banking check their account 4 times more often than those who use paper-based banking. That means if someone does fraudulently steal your identity or your banking information, you’ll find out about it more quickly and remedy the problem earlier, translating to potentially fewer losses.
2. Banks’ online systems are more secure than your mailbox and trash bin. Sure, they may not be 100% impervious to attack, but they’re much harder to hack into than your mailbox at the curb or the trash can full of sensitive information (even if it is shredded).
3. You can’t ‘wash’ an online transaction. Check washing still occurs today – where someone takes a legitimate check you signed, washes the original amount and payee information but retains your signature. They’re then free to put their own name and any amount they choose. Online transactions aren’t washable – they go where they’re meant to go, when they’re meant to go.

Basically what it boils down to is, choose a secure password that you can remember without writing it down. Keep your information to yourself, and don’t fall prey to scams inviting you “click here” to verify your information. You bank doesn’t need you to verify your information, and if they do they can find a more secure way to contact you than sending an email or putting a button on your Facebook page.

They could approach it the way AT&T did when they realized that 3% of users (iPhone owners) exploit 40% of bandwith – AT&T started looking for ways to discourage iPhone users from accessing the data services they so love. Instead of using the situation to build business and expand services (which is what any strategically driven company would do) AT&T looked for ways to hamstring their customers.

Banks could take the same approach, right? Encourage their customers to use online banking less. Scale back online services. Provide second-rate security. Promote fear in their customers.

Of course, that would mean technological dinosaurs that take the path of least resistance would inevitably lose customers to banks that provide the online services their customers want. Penalizing users for creating business process conundrums does nothing but propel corporations into decline.

So maybe, in an ideal world, banks might think to increase security to keep up with online threats. Novel idea, right? In fact it is, in a way. As online risks have grown, the majority of banks have done little to keep up with the threat level. Sometimes it’s easier from an operations perspective to reimburse money lost through identity fraud than it is to actively protect against it.

Come on, folks. Are we really lazy enough to believe that doing nothing and suffering attack is better than proactively adopting solutions to protect our customers? Check out Tricerion’s SafeLogin. It’s simple. It’s elegant. It’s easy from the bank’s side and seamless to the user.

Don’t make the mistake AT&T did. Move with the market. Take the lead. Get your groove on.