Feeds

Miserly marks get smart to UK phishing fraudsters

Attacks up, but losses down

Using blade systems to cut costs and sharpen efficiencies

Incidents of phishing targeted against holders of UK bank accounts are up, but losses are down.

UK banking association APACS cites more than 10,000 reported phishing incidents in the first quarter of 2008, a more than 200 per cent rise from the same period last year. Online banking fraud losses, however, decreased by a third from £33.5m in 2006 to £22.6m in 2007.

APACS research shows that although the number of people ignoring phishing email has increased from 75 per cent in 2006 to 82 per cent last year, there are still nearly one in five people who don’t follow these common sense precautions. In addition, although 93 per cent of people have anti-virus software on their PCs, almost one in three people (29 per cent) don’t have any anti-spyware software.

Security firm RSA backed these findings, reporting UK banking brands were the second most attacked in the world over the last 14 months. In addition, the firm found that the number of targeted institutions has gone up 23 per cent year-over-year. So, crooks are widening their nets to target small banks and financial institutions.

Recent reports suggested the increased prevalence of phishing attacks has prompted UK banking code changes that place liability for online banking losses in the hands of customers instead of banks. However, an APACS spokesman said that sections of the 2008 code that placed the onus on bank customers to take reasonable care and make sure that their anti-virus and anti-spyware software are up to date have appeared in the code since 2005. As before, customers may also be held liable for negligence if they hand over online banking credentials in response to phishing emails.

The Banking Code is a voluntary code which sets standards of good banking practice for financial institutions when dealing with personal customers in the UK. The latest version of the code can be found here (pdf).

Historically, UK banks have taken the hit for phishing losses from online bank accounts without questioning whether victims had followed "safe computing" best practices. But provisions in the code give them the right to withhold payments in cases where customers are negligent. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.