New forum fights phishing

17 Jun 2004

Companies from the financial, retail, telecoms and technology sectors have banded together to combat the growing problem of phishing – scams where thieves try and trick people into revealing their bank details via email and fake websites.

The group, called the Trusted Electronic Communications Forum, is a global organisation with an aim to create industry-wide standards for technology to fight phishing, identify fraud and spoofing online. Founding members include AT&T Wireless, IBM, Siebel, HSBC, Royal Bank of Scotland, Fidelity Investments, Charles Schwab and E-Trade.

Phishing is a scam in which emails are used to deceive consumers into disclosing credit card numbers, bank account information, passwords and other sensitive information. Phishers steal a company’s identity – often by setting up a replica website designed to look like a genuine bank or financial institution – and then use it to con consumers by stealing their credit identities.

In a statement on its website, the TECF has outlined its aims as “a cross-industry, cross-geographic consortium dedicated to the standardisation of technologies, techniques, and best practices in the fight against phishing, spoofing, and identity theft”.

The TECF will work to create, deploy, and endorse solutions to the problems of identity theft online, phishing and other internet scams as presented by research studies, market analysts and by its own members. The organisation will comprise four working groups, each with a distinct focus: technology standards, best practices, social engineering and government affairs.

Phishing is a relatively new but growing internet security issue. Research from the Gartner Group indicated that 57 million US internet users had received email linked to phishing scams. In addition, more than three quarters (76pc) of the known or suspected attacks have occurred since October of last year.

The problem is not limited to the US. Last year several banks in the UK were forced to close their online operations briefly when it emerged that customers had been sent emails asking for personal account information. In February, Irish users received emails purporting to come from the credit card issuer MBNA, asking them to visit a website to change their passwords. These messages were confirmed as being fakes.

By Gordon Smith