Feeds

Miserly marks get smart to UK phishing fraudsters

Attacks up, but losses down

SANS - Survey on application security programs

Incidents of phishing targeted against holders of UK bank accounts are up, but losses are down.

UK banking association APACS cites more than 10,000 reported phishing incidents in the first quarter of 2008, a more than 200 per cent rise from the same period last year. Online banking fraud losses, however, decreased by a third from £33.5m in 2006 to £22.6m in 2007.

APACS research shows that although the number of people ignoring phishing email has increased from 75 per cent in 2006 to 82 per cent last year, there are still nearly one in five people who don’t follow these common sense precautions. In addition, although 93 per cent of people have anti-virus software on their PCs, almost one in three people (29 per cent) don’t have any anti-spyware software.

Security firm RSA backed these findings, reporting UK banking brands were the second most attacked in the world over the last 14 months. In addition, the firm found that the number of targeted institutions has gone up 23 per cent year-over-year. So, crooks are widening their nets to target small banks and financial institutions.

Recent reports suggested the increased prevalence of phishing attacks has prompted UK banking code changes that place liability for online banking losses in the hands of customers instead of banks. However, an APACS spokesman said that sections of the 2008 code that placed the onus on bank customers to take reasonable care and make sure that their anti-virus and anti-spyware software are up to date have appeared in the code since 2005. As before, customers may also be held liable for negligence if they hand over online banking credentials in response to phishing emails.

The Banking Code is a voluntary code which sets standards of good banking practice for financial institutions when dealing with personal customers in the UK. The latest version of the code can be found here (pdf).

Historically, UK banks have taken the hit for phishing losses from online bank accounts without questioning whether victims had followed "safe computing" best practices. But provisions in the code give them the right to withhold payments in cases where customers are negligent. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.