Phishing scare hits big banks

10 Nov 2003

The internet scam known as ‘phishing’ has recently hit large retail banks in Britain after sweeping through financial institutions in the US and Australia.

Phishing, also called ‘carding’ or ‘spoofing’, is a high-tech scam in which emails are used to deceive consumers into disclosing their credit card numbers, bank account information, passwords and other sensitive information. Phishers first steal a company’s identity and then use it to con consumers into giving up their credit identities.

October saw two of Britain’s biggest banks close their online banking operations for short periods of time after their customers were sent fake emails asking for personal account details.

Halifax suspended its internet banking for a period of time after receiving calls from concerned customers.

NatWest also closed its internet banking website temporarily after receiving calls about similar emails. Barclays, Lloyds TSB and the building society Nationwide were also affected but all kept their internet banking operations open. Barclays and Royal Bank of Scotland’s NatWest suffered similar attacks in September.

The banks involved stressed that no customers had lost money but repeated warnings to account holders not to divulge financial information in response to emails.

Following the recent attacks the UK National Hi-Tech Crime Unit (NHTCU) and the UK banking industry have issued guidelines to help consumers protect themselves against internet fraudsters:

* Know who you are dealing with – always access internet banking by typing the bank’s address into your web browser. Never go to a website from a link in an email and enter personal details. If in doubt, contact the bank separately on an advertised number.

* Keep passwords and PINs safe – always be wary of unsolicited emails or calls asking you to disclose any personal details or card numbers. Keep this information secret. Be wary of disclosing any personal information to someone you don’t know. Your bank and the police would never contact you to ask you to disclose PINs or all your password information.

* Keep hold of your cash – don’t be conned by convincing emails offering you the chance to make some easy money. If it looks too good to be true, it probably is. Be especially wary of unsolicited emails from outside the UK.

* Keep your PC secure – use up-to-date anti-virus software, security patches and a personal firewall. Be extra careful if using internet cafes or any PC which is not your own and over which you have no control.

* Check your bank’s website – if in doubt, a good place to get help and guidance on how to stay safe online is your bank’s website.

* Check your statement – if you notice anything irregular on your account contact your bank immediately.

Commenting on the attacks, Conall Lavery of internet security company Entropy said: “It appears inevitable that the phishing scams will continue to become more common. The best way to combat the problem is to educate users not to respond to the e-mails no matter how legitimate they appear.

“Anyone who receives any e-mail that links to a site requesting personal information should exercise great caution,” warned Lavery. “In the same way that you never tell anyone your PIN number, you should always protect your private information including passwords. A more long-term and costly solution would be for banks to give you something like a token or a smart card that gets entered at your PC. So if a criminal steals your secrets they still cannot access your account.”
